gentakojima changed the title from "Cookies storing the session id are always trated like session cookies, ignoring the timeout config parameter" to "Cookies storing the session id are always treated like session cookies, ignoring the timeout config parameter" on Oct 17, 2022
The cookie for storing the session id in the web browser is set using self._setcookie in line 155 of sessions.py.
The same method is also called to delete the cookie, so it has a parameter called expires which defaults to an empty string. All the other options are taken from self._config instead inside the method, but not this one.
This means the timeout parameter is ignored, since setting web.config.session_parameters['timeout'] to any value does virtually nothing. If the user closes the web browser, then opens it again, the cookie with the session id won't be there anymore so the session can't be recovered.
Changing the line 155 fixes the issue for me and sessions are preserved even if I close and reopen the browser, which I think should be the intended behaviour.
From this:
To this:
Changing the self._setcookie definition just below should cause the same effect, since this method is only called twice, but I didn't test it.
From this:
To this:
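Added example, not code from the issue or from web.py: using only Python's standard http.cookies module, it shows that an empty expires value produces a Set-Cookie header with no lifetime attribute (a cookie the browser drops on close), while passing the configured timeout produces one that survives a restart. The helper names and every CONFIG key other than timeout are assumptions made for this example.

```python
import time
from email.utils import mktime_tz, parsedate_tz
from http.cookies import SimpleCookie

# Constructed stand-in for web.config.session_parameters. Only 'timeout' is
# named in the issue; the other keys are assumptions for this example.
CONFIG = {"cookie_name": "session_id", "timeout": 86400, "httponly": True}


def session_cookie_header(session_id, config, expires=""):
    """Build a Set-Cookie value. An empty `expires` emits no lifetime attribute."""
    cookie = SimpleCookie()
    name = config["cookie_name"]
    cookie[name] = session_id
    cookie[name]["path"] = "/"
    cookie[name]["httponly"] = config["httponly"]
    cookie[name]["expires"] = expires  # int: seconds from now; "": omitted
    return cookie[name].OutputString()


def lifetime_seconds(set_cookie_value, now=None):
    """Return None for a browser-session cookie, else seconds until expiry."""
    now = time.time() if now is None else now
    expires = None
    for attr in set_cookie_value.split(";")[1:]:
        key, _, value = attr.strip().partition("=")
        if key.lower() == "max-age":
            return float(value)  # Max-Age takes precedence over Expires
        if key.lower() == "expires":
            expires = mktime_tz(parsedate_tz(value)) - now
    return expires


if __name__ == "__main__":
    sid = "0123abcd"  # constructed session id
    cases = {
        "default expires=''": session_cookie_header(sid, CONFIG),
        "expires=timeout": session_cookie_header(sid, CONFIG, CONFIG["timeout"]),
        "delete (expires=-1)": session_cookie_header(sid, CONFIG, -1),
    }
    for label, header in cases.items():
        print(f"{label:22} lifetime={lifetime_seconds(header)!r:>10}  {header}")
```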