Thanks for the advice. It's indeed a rude way to force session to expire only depend on the absolute time. User always encounters session-expired event when posting something. I will consider your way 3). But how the django know user has closed the browser ?
在 2016年12月26日星期一 UTC+8上午5:24:07,Melvyn Sopacua写道: > > Hi, > > > > On Sunday 25 December 2016 11:14:03 ludovic coues wrote: > > > I believe that is the intended behaviour. > > > > > > When I use a banking site for example, I don't want to be disconnected > > > while doing operations 5 minutes after login in. I want the session > > > to expire when I stop using it. > > > > There is actually 3 ways to handle sessions: > > 1) Session expires at fixed time in the future and is not extended by use > (disruptive, almost never a good thing). > > 2) Session expires when not used for configured time. It is extended by > use. Cookie is also extended (Django's behavior). > > 3) Session expires when not used for configured time. It is extended by > use. Cookie has no expiration time and is expired when browser window is > closed. > > > > The 3rd is useful so that if you close your browser, someone else cannot > resume your session even if the session is still valid and it still does > not have the disruptive characteristics of the first method. > > > > This 3rd method can be enabled using SESSION_EXPIRE_AT_BROWSER_CLOSE. See > this > link > <https://docs.djangoproject.com/en/1.10/topics/http/sessions/#browser-length-sessions-vs-persistent-sessions> > > for information. > > > > > > As pratical example, I set settings.SESSION_COOKIE_AGE=30. as long > > > > as > > > > I visited my site during `SESSION_COOKIE_AGE` , the cookie with > > > > session_key will persist forever ! > > > > > > > > What I want is that django will force session to expire if time past > > > > `SESSION_COOKIE_AGE` seconds after the moment session_key generated. > > > > So how to config my project ? > > > > What is the reason you want this? It's almost never a good a thing. Only > good case I can think of is in game or test settings, where you need to > complete certain tasks within a set timeframe. > > > > -- > > Melvyn Sopacua > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/7b619ac4-e77c-4aae-945f-403c0f4b6016%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
