tags:

views:

54

answers:

1
+2  Q: 

Why doesn't SESSION_EXPIRE_AT_BROWSER_CLOSE = True log the user out when the browser is closed?

According to Django documentation, "if SESSION_EXPIRE_AT_BROWSER_CLOSE is set to True, Django will use browser-length cookies -- cookies that expire as soon as the user closes his or her browser. Use this if you want people to have to log in every time they open a browser."

And that is what I did by adding the following line to my settings.py file (and restarting the server):

# Close the session when user closes the browser
SESSION_EXPIRE_AT_BROWSER_CLOSE = True

Then I logged into a page which checks if the user is authenticated, and then I closed the browser. When I open my browser again and visit the same page it does not ask for a username and a password because it passes the following test apparently:

def check_teacher(request):
    result = {}
    if request.user.is_authenticated():
        ...

What am I doing wrong or what am I missing? Any suggestions?

I'm using Django version 1.3 pre-alpha SVN-13858 on my Ubuntu GNU/Linux 10.10 system and running the above example using the Django development server.

+1  A: 

Closing the tab or window does not count as closing the browser. Make sure you quit the browser program to end a browser session.

If that does not help, use FireBug in firefox or Web Inspector in Safari to double check the headers in the response on your initial page hit. The initial page hit can be one of many things; when you first open the browser, when you logout or immediately after clearing cookies. With SESSION_EXPIRE_AT_BROWSER_CLOSE = True you should see something like this in the header:

Set-Cookie:sessionid=f4c06139bc46a10e1a30d5f0ab7773e2; Path=/

And when SESSION_EXPIRE_AT_BROWSER_CLOSE = False an expires=... value will be added:

Set-Cookie:sessionid=a532f3d7dc314afc58e8f676ed72280e; expires=Wed, 03-Nov-2010 17:08:45 GMT; Max-Age=1209600; Path=/

If you have a hard time seeing the Set-Cookie header because of redirects you can try using django-debug-toolbar to break the redirects up into multiple pages.

istruble  2010-10-20 17:27:45
The situation is a bit clear for me now: When I keep the tab that includes my Django app open and tell Firefox to "save my tabs and windows for the next time it starts", and then close and re-start the Firefox, that tab is also opened and I can continue inside the app without having to log in. However if I close that tab, then exit the Firefox (and again tell it to save my tabs), re-start and open a new tab, visit the app's page then I'm forced to log in.
Emre Sevinç  2010-10-21 14:58:40
I have never looked into the save-for-next-time behavior of FF but it sounds like it might be storing cookies across browser instances. Double check the headers that you are sending between each instance of FF. I would not worry about it too much. If you are still curious, there is some discussion about cookies on this page that suggests that FF may be storing all cookies: https://wiki.mozilla.org/Session_Restore
istruble  2010-10-21 16:18:02
Yes, it seems to store them (I could not find any other explanation for the behaviour I describe in my comment above).
Emre Sevinç  2010-10-22 08:14:45

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django