<https://lh3.googleusercontent.com/-MCd2-kRHmNg/WF44kxNVDNI/AAAAAAAAAAg/0Xf_TpG1YAUVUzpzdNyb3ZYpxiveGQlfQCLcB/s1600/session_bug.png>
Django version is 1.10.4

Just as the source code shows, the session middleware will refresh 
expires_time with the value `time.time() + max_age` if the status code of 
the response is not 500. 

What was really weird is the variable `max_age`, which is returned by the 
function `request.session.get_expiry_age()`: it always equals 
settings.SESSION_COOKIE_AGE (a positive integer). 

That leads to the `expire_date` stored in the `django_session` table being 
bigger than `time.time()`. In other words, this session item never expires 
in the back-end db!!!

What's more, the session middleware will send the new `expires` to the 
browser by calling the function `response.set_cookie()`, which means this 
session item never expires in the user's browser either!!!


As a practical example, I set settings.SESSION_COOKIE_AGE=30. As long as I 
visited my site during `SESSION_COOKIE_AGE`, the cookie with session_key 
will persist forever!

What I want is for Django to force the session to expire once 
`SESSION_COOKIE_AGE` seconds have passed after the moment the session_key 
was generated. So how do I configure my project?
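
One way to get the absolute cutoff asked about above, as an added example that is not part of the original post and not Django's own code: a small middleware that stamps the session once at creation and flushes it when that stamp is older than the cap, however recently the user was active. The names `CREATED_KEY`, `ABSOLUTE_MAX_AGE`, `AbsoluteSessionTimeoutMiddleware`, `FakeSession` and `simulate` are assumptions made for this sketch; the only session calls it relies on are dict-style access and `flush()`.

```python
import time
from types import SimpleNamespace

# Assumed names (not Django's, not from the post): the session key holding the
# creation stamp, and the absolute lifetime mirroring SESSION_COOKIE_AGE=30.
CREATED_KEY = "_session_created_at"
ABSOLUTE_MAX_AGE = 30  # seconds


class AbsoluteSessionTimeoutMiddleware(object):
    """List after SessionMiddleware in MIDDLEWARE so request.session exists."""

    def __init__(self, get_response, max_age=ABSOLUTE_MAX_AGE, clock=time.time):
        self.get_response = get_response
        self.max_age = max_age
        self.clock = clock  # injectable so the timing can be exercised in tests

    def __call__(self, request):
        session, now = request.session, self.clock()
        created = session.get(CREATED_KEY)
        if created is not None and now - created > self.max_age:
            # Past the cap: flush() drops the stored data and the session key.
            session.flush()
            created = None
        if created is None:
            session[CREATED_KEY] = now  # stamped once, never refreshed
        return self.get_response(request)


class FakeSession(dict):
    """Constructed stand-in for request.session (dict access plus flush())."""

    def flush(self):
        self.clear()


def simulate(visit_times, max_age=ABSOLUTE_MAX_AGE):
    """Visit at each time; report whether the first visit's login survives."""
    now = [0.0]
    mw = AbsoluteSessionTimeoutMiddleware(lambda r: None, max_age, lambda: now[0])
    session, seen = FakeSession(), []
    for i, t in enumerate(visit_times):
        now[0] = t
        mw(SimpleNamespace(session=session))
        if i == 0:
            session["user"] = "alice"  # constructed login state
        seen.append("user" in session)
    return seen
```

Because the stamp lives inside the session data, `flush()` also removes the logged-in state, so a user who keeps visiting every few seconds is still forced to authenticate again after the cap.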
