I'm trying to change the behavior of my session cookies. Currently, if a user does not log out before closing his browser, then he can return to the admin anytime within 2 weeks without being prompted to log in again. Ideally I want the session cookie to be erased when the user closes his browser, which would allow for indefinite session length (as long as the browser remains open), but it would not allow someone to return to the admin area without logging in again if he closes his browser without logging out. If this is not possible, then I supposed I could just change the cookie age to 12 hours so sessions would not (very likely) persist for more than a day. I tried this in global_settings.py:
SESSION_COOKIE_AGE = 0 and SESSION_COOKIE_AGE = 1 ...but it continues to set cookies that expire in 2 weeks. I am making sure to log out, remove the cookie, and close my browser before attempting to log in again after I change the setting. Also, I tried restarting the test server after modifying the setting, but it seems that Django is simply ignoring the setting. So, a couple questions... Does SESSION_COOKIE_AGE = 0 force a user's browser to erase the cookie when the browser closes, even if the browser is set to keep cookies until they expire? Why is Django not appying the changes I make in global_settings.py? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
