CODEWITHSUNDEEP
djangopython-3.xcookiessession-cookies
sprksh
sprksh

Reputation: 2384

Django session cookie expiry date

I am running a django (1.10) site. In settings, I have defined SESSION_COOKIE_AGE = 60*60*24*365 and it was setting the cookie expiry 1 year from creation.

Recently, the session is expiring at session end. Simply put, perhaps the session expiry is not being set although it is still defined in settings as earlier.

What can be the problem. Why the default behaviour is not being followed. I am facing the same problem in local server, testing server and production.

I understand that the question is not clear as I have no idea what is the root of the problem. What I want is setting sessionid cookie's expiry date to be one year from creation.

Any pointers would be helpful.

Upvotes: 3

Views: 4440

Answers (1)

kagronick
kagronick

Reputation: 2688

That code takes place in /django/contrib/sessions/middleware.py. You can see in this block of code what is going on:

if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty:
    if request.session.get_expire_at_browser_close():
        max_age = None
        expires = None
    else:
        max_age = request.session.get_expiry_age()
        expires_time = time.time() + max_age
        expires = cookie_date(expires_time)

    # Save the session data and refresh the client cookie.
    # Skip session save for 500 responses, refs #3881.
    if response.status_code != 500:
        try:
            request.session.save()
        except UpdateError:
            raise SuspiciousOperation(
                "The request's session was deleted before the "
                "request completed. The user may have logged "
                "out in a concurrent request, for example."
            )
        response.set_cookie(
            settings.SESSION_COOKIE_NAME,
            request.session.session_key, max_age=max_age,
            expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
            path=settings.SESSION_COOKIE_PATH,
            secure=settings.SESSION_COOKIE_SECURE or None,
            httponly=settings.SESSION_COOKIE_HTTPONLY or None,
        )

If get_expire_at_browser_close() returns true, regardless of the expiry age, its going to set the session to expire when the browser closes. Use a debugger or a print statement to check why/if that function is returning true. If it isn't returning true, it may be a browser/configuration issue. You can see exactly what Django is writing out in the set_cookie function at the end. If everything there looks good your issue might be on the browser side.

Upvotes: 1

Related Questions