On 12/26/06, Vadim Macagon <[EMAIL PROTECTED]> wrote:
I could probably write a new middleware class to replace
SessionMiddleware, with the only difference being the process_response()
method that would use a new request.SESSION_EXPIRE_AT_BROWSER_CLOSE
setting and if that wasn't set default to using
django.conf.setting.SESSION_EXPIRE_AT_BROWSER_CLOSE.
It sounds to me like it'd be better to make session lifetime more
configurable than it currently is.
Some small, backwards-compatible changes could be made to
SessionMiddleware to allow subclassing of SessionMiddleware without
having to replace the guts.
SessionMiddleware.get_cookie_lifetime(self,request,response) -> int, seconds
SessionMiddleware.is_renewal_needed(self,request,response) -> bool,
True if cookie/expire should be extended.
My main concern with making the change is that there aren't any unit
tests over contrib.session right now, and making those tests would
probably require mocks over request and response, which also don't
exist, apparently.
I'm jumping in here because I had to hack on SessionMiddleware to
tweak it before. :) I wanted to have session expiration pushed out
if someone visited the site near their expiration, but -not- renew on
every request.
renewal_date = (existing_expires -
datetime.timedelta(seconds=SESSION_COOKIE_RENEWAL_AGE))
if (modified or
SESSION_SAVE_EVERY_REQUEST or
renewal_date < datetime.datetime.now()
):
#issue new cookie
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
