I opened the following ticket which was unceremoniously closed by a committer:
http://code.djangoproject.com/ticket/10518 Here is the text from the ticket: >> I have set the SESSION_COOKIE_AGE value in my settings.py file to expire >> sessions after 1 hour. Django successfully logs the user out of the session, >> however, the backend does not behave as one would expect in this situation. >> If a user logged out under normal conditions (i.e., clicks a "Logout" link), >> the session information is cleared from the "django.sessions" table. As >> such, I would expect an idle timeout (which is just a timed logout) to >> behave in the same manner. Unfortunately, Django simply creates a new >> session entry in the "django.sessions" table and the old, expired session >> remains in the table. The end result is a bloated "django.sessions" table >> that needs to be maintained through an external script. The reason for closing the ticket was the following: >> This is the documented behavior. See >> http://docs.djangoproject.com/en/dev/topics/http/sessions/#clearing-the-session-table And my response: >> I completely disagree with this assessment. Just because it's "documented >> behavior" doesn't make it correct. >> Django terminates the session based upon the expiring cookie. As such, the >> timeout process should call "django.contrib.auth.logout", which clears out >> records from the django.sessions table. >> How is the process of idling out any different from the user explicitly >> clicking a logout link? One is an implicit logout, whereas the other is an >> explicit logout. At the end of the day, its the same net result -- a user's >> session has ended. This behavior should be fixed. Does anyone else agree with my viewpoints on this matter? If so, please post your comments in the ticket. IMO, this is a bug in Django. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---