Added settings to use the cache back-end for sessions. Separated out the preference cookie age from the session age. Made the session age refresh on each access, and set the session timeout to 4 weeks of no access.

levkowetz · levkowetz · commit 834bf08d6fce · 2016-06-24T15:44:54.000Z
- Legacy-Id: 11473
diff --git a/ietf/cookies/views.py b/ietf/cookies/views.py
@@ -34,7 +34,7 @@ def preferences(request, **kwargs):
     request.COOKIES.update(preferences)
     response = render("cookies/settings.html", preferences, context_instance=RequestContext(request))
     for key in new_cookies:
-        response.set_cookie(key, new_cookies[key], settings.SESSION_COOKIE_AGE)
+        response.set_cookie(key, new_cookies[key], settings.PREFERENCES_COOKIE_AGE)
     for key in del_cookies:
         response.delete_cookie(key)
     return response
diff --git a/ietf/settings.py b/ietf/settings.py
@@ -204,11 +204,19 @@ def skip_unreadable_post(record):
 # End logging
 # ------------------------------------------------------------------------
 
-#SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds: 2 weeks.
-SESSION_COOKIE_AGE = 60 * 60 * 24 * 365 * 50 # Age of cookie, in seconds: 50 years
 
+# SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds: 2 weeks (django default)
+SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 4 # Age of cookie, in seconds: 4 weeks
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+# We want to use the JSON serialisation, as it's safer -- but there is /secr/
+# code which stashes objects in the session that can't be JSON serialized.
+# Switch when that code is rewritten.
+#SESSION_SERIALIZER = "django.contrib.sessions.serializers.JSONSerializer"
 SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
+SESSION_ENGINE = "django.contrib.sessions.backends.cache"
+SESSION_SAVE_EVERY_REQUEST = True
+
+PREFERENCES_COOKIE_AGE = 60 * 60 * 24 * 365 * 50 # Age of cookie, in seconds: 50 years
 
 TEMPLATE_LOADERS = (
     ('django.template.loaders.cached.Loader', (
@@ -383,6 +391,7 @@ def skip_unreadable_post(record):
     "*/management/commands/*",
     "ietf/settings*",
     "ietf/utils/test_runner.py",
+    "ietf/checks.py",
 ]
 
 TEST_COVERAGE_MASTER_FILE = os.path.join(BASE_DIR, "../release-coverage.json.gz")
@@ -690,6 +699,8 @@ def skip_unreadable_post(record):
              'BACKEND': 'django.core.cache.backends.dummy.DummyCache',
          }
     }
+    SESSION_ENGINE = "django.contrib.sessions.backends.db"
+
     if 'SECRET_KEY' not in locals():
         SECRET_KEY = 'PDwXboUq!=hPjnrtG2=ge#N$Dwy+wn@uivrugwpic8mxyPfHka'
     ALLOWED_HOSTS = ['*',]
