
docs for session cookie expiration are wrong

Open jvanasco opened this issue 12 years ago • 1 comments

This drove me crazy for too long. I thought I was doing something wrong, and finally went through all my code and found an error in Beaker's docs...

The docs read:

cookie_expires (optional, bool, datetime, timedelta, int) Determines when the cookie used to track the client-side of the session will expire. When set to a boolean value, it will either expire at the end of the browsers session, or never expire. Defaults to never expiring.

This is incorrect.

The default value in beaker/session.py::Session(dict) [line 74] for cookie_expires is True

However, according to the code [def _set_cookie_expires(self), line 187] the following logic occurs:

  1. if the value is False, the expire time becomes datetime.fromtimestamp(0x7FFFFFFF), i.e. datetime.datetime(2038, 1, 18, 22, 14, 7)
  2. if the value is True, expires is set to None, which causes a Session-only cookie

The docs should read:

Determines when the cookie used to track the client-side of the session will expire. When set to a boolean value, it will either expire at the end of the browsers session (True), or never expire (False). Defaults to False -- expiring at the end of a browser session.

I'm assuming the docs are wrong, and not the code, because it would make sense to default to a session-only cookie as a security precaution.

The "never expires" is also a bit of a stretch. It sets a cookie that expires in 2038. Might be good to either note that, or change the code so it expires in 10 years from whatever date you're on.

(btw, I never would have noticed this if it weren't for Apple's Safari having an internal process crash every 30 minutes, which redraws all the windows within a new browser session.)

jvanasco avatar Dec 14 '12 16:12 jvanasco
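The mapping described in the issue above, written out as an added example (not code from the original post and not Beaker's own implementation). The function names, the cookie name and value, and the treatment of an int as a number of seconds are assumptions made for illustration; the expiry is computed in UTC so the result does not depend on the local time zone.

```python
from datetime import datetime, timedelta, timezone
from http.cookies import SimpleCookie

MAX_32BIT = 0x7FFFFFFF  # timestamp the issue quotes for cookie_expires=False


def resolve_expiry(cookie_expires, now):
    """Return the cookie's expiry as a datetime, or None for a session-only cookie."""
    if cookie_expires is True:       # expire at the end of the browser session
        return None
    if cookie_expires is False:      # "never": a fixed date in January 2038
        return datetime.fromtimestamp(MAX_32BIT, tz=timezone.utc)
    if isinstance(cookie_expires, timedelta):
        return now + cookie_expires
    if isinstance(cookie_expires, datetime):
        return cookie_expires
    if isinstance(cookie_expires, int):  # assumption: an int means seconds
        return now + timedelta(seconds=cookie_expires)
    raise ValueError("Invalid cookie_expires: %r" % (cookie_expires,))


def session_cookie_header(cookie_expires, now,
                          name="beaker.session.id",   # assumed cookie name
                          value="constructed-id"):    # constructed sample value
    """Build the Set-Cookie value a client would receive for this setting."""
    expiry = resolve_expiry(cookie_expires, now)
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["httponly"] = True
    if expiry is not None:
        # No Expires attribute at all is what makes a cookie session-only.
        cookie[name]["expires"] = expiry.strftime("%a, %d-%b-%Y %H:%M:%S GMT")
    return cookie[name].OutputString()


def lifetime_days(cookie_expires, now):
    """Days until expiry, or None when the cookie dies with the browser session."""
    expiry = resolve_expiry(cookie_expires, now)
    return None if expiry is None else (expiry - now).days


if __name__ == "__main__":
    now = datetime(2012, 12, 14, 16, 12, tzinfo=timezone.utc)  # date of the issue
    for setting in (True, False, timedelta(days=3650), 1800):
        print(repr(setting), "->", session_cookie_header(setting, now),
              "| days:", lifetime_days(setting, now))
```

Checking the emitted header this way, rather than the configuration value, shows directly whether a deployment is issuing a session-only cookie or one that persists until 2038.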

For me it works neither with cookie_expires=True nor with cookie_expires=False. I'm using it with: Beaker==1.6.4 pyramid-beaker==0.7. With what options does it work for you? Only cookie_expires or something additional? What version of Beaker do you use? Also I haven't found in the docs how to properly change the expiration date for "remember me".

I'm sorry, in Firefox it works for me with cookie_expire=True. Previously I tested in Chromium (with multiple opened).

lud4ik avatar May 08 '13 10:05 lud4ik