i am having an issue with keeping the user logged in (remember me). I have installed django-session-security and configured the following settings:
#SESSION SECURITY SETTINGS
SESSION_SECURITY_WARN_AFTER = 540
SESSION_SECURITY_EXPIRE_AFTER = 600
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_COOKIE_DOMAIN = '.domain.com'
Now when a user logs in and has the "remember me" ticked i override the "SESSION_EXPIRE_AT_BROWSER_CLOSE" setting using this:
#Creating the session (no expire/expire) based on choice
if request.POST.get('checkbox', None):
#setting the cookie for a week and overriding the expire at browser close.
#session timing will still be in place.
request.session.set_expiry(604800)
settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = False
else:
#Session will expire at browser close.
#session timing will still be in place.
pass
login(request,user)
I see that the cookie is stored with the correct expiration date, but when i close the browser for 15 20 minutes the session disappears.
Am i doing something wrong ?
Thanks for your help!
David
You have added SESSION_EXPIRE_AT_BROWSER_CLOSE=True in your settings file and settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = False in your code sometimes these may be creating conflicts.