Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Fixed #395 -- Added SESSION_EXPIRE_AT_BROWSER_CLOSE setting, which re…

…gulates whether session framework should use browser-session-length cookies.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 26b61aa8131c2bce21be22aa4d00720d6c1326ad 1 parent dbcd2fe
@adrianholovaty adrianholovaty authored
1  django/conf/
@@ -235,6 +235,7 @@
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
SESSION_COOKIE_DOMAIN = None # A string like "", or None for standard domain cookie.
SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request.
+SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser.
9 django/contrib/sessions/
@@ -79,9 +79,14 @@ def process_response(self, request, response):
if modified or settings.SESSION_SAVE_EVERY_REQUEST:
session_key = request.session.session_key or Session.objects.get_new_session_key()
+ max_age = None
+ expires = None
+ else:
+ max_age = settings.SESSION_COOKIE_AGE
+ expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
new_session =, request.session._session, + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
- expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
- max_age=settings.SESSION_COOKIE_AGE, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
+ max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
return response
24 docs/sessions.txt
@@ -197,6 +197,22 @@ will be sent on every request.
Similarly, the ``expires`` part of a session cookie is updated each time the
session cookie is sent.
+Browser-length sessions vs. persistent sessions
+You can control whether the session framework uses browser-length sessions vs.
+persistent sessions with the ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` setting.
+By default, ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` is set to ``False``, which
+means session cookies will be stored in users' browsers for as long as
+``SESSION_COOKIE_AGE``. Use this if you don't want people to have to log in
+every time they open a browser.
+If ``SESSION_EXPIRE_AT_BROWSER_CLOSE`` is set to ``True``, Django will use
+browser-length cookies -- cookies that expire as soon as the user closes his or
+her browser. Use this if you want people to have to log in every time they open
+a browser.
@@ -225,6 +241,14 @@ Default: ``'sessionid'``
The name of the cookie to use for sessions. This can be whatever you want.
+Default: ``False``
+Whether to expire the session when the user closes his or her browser. See
+"Browser-length sessions vs. persistent sessions" above.
8 docs/settings.txt
@@ -603,6 +603,14 @@ Default: ``'sessionid'``
The name of the cookie to use for sessions. This can be whatever you want.
See the `session docs`_.
+Default: ``False``
+Whether to expire the session when the user closes his or her browser.
+See the `session docs`_.

0 comments on commit 26b61aa

Please sign in to comment.
Something went wrong with that request. Please try again.