According to Django documentation, "if SESSION_EXPIRE_AT_BROWSER_CLOSE is set to True, Django will use browser-length cookies -- cookies that expire as soon as the user closes his or her browser. Use this if you want people to have to log in every time they open a browser."
And that is what I did by adding the following line to my settings.py file (and restarting the server):
# Close the session when user closes the browser
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
Then I logged into a page which checks if the user is authenticated, and then I closed the browser. When I open my browser again and visit the same page it does not ask for a username and a password because it passes the following test apparently:
def check_teacher(request):
result = {}
if request.user.is_authenticated():
...
What am I doing wrong or what am I missing? Any suggestions?
I'm using Django version 1.3 pre-alpha SVN-13858 on my Ubuntu GNU/Linux 10.10 system and running the above example using the Django development server.
Closing the tab or window does not count as closing the browser. Make sure you quit the browser program to end a browser session.
If that does not help, use FireBug in firefox or Web Inspector in Safari to double check the headers in the response on your initial page hit. The initial page hit can be one of many things; when you first open the browser, when you logout or immediately after clearing cookies. With SESSION_EXPIRE_AT_BROWSER_CLOSE = True
you should see something like this in the header:
Set-Cookie:sessionid=f4c06139bc46a10e1a30d5f0ab7773e2; Path=/
And when SESSION_EXPIRE_AT_BROWSER_CLOSE = False
an expires=...
value will be added:
Set-Cookie:sessionid=a532f3d7dc314afc58e8f676ed72280e; expires=Wed, 03-Nov-2010 17:08:45 GMT; Max-Age=1209600; Path=/
If you have a hard time seeing the Set-Cookie
header because of redirects you can try using django-debug-toolbar to break the redirects up into multiple pages.
@istruble and @haasfsafas are both correct. The solution is to
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
django_session
table to clear out any sessions that might cause confusion. (delete from django_session
)The change will not apply unless you run the manage.py syncdb
again.
You have to cleanup the sessions in DB:
delete FROM django_session
For anyone who still doesn't fix the issue after trying all the above solutions, here is one more.
Add this SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
along with the SESSION_EXPIRE_AT_BROWSER_CLOSE = True
It works out for me, good luck folks.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With