Issue #103 resolved

cookie 'max-age'

Anonymous created an issue

Robert Szefler wrote on the cherrypy-users list: {{{ For the past 1 hour I have been trying to locate a session handling bug in cherrypy. This is what I found in

cpg.response.simpleCookie[cpg.configOption.sessionCookieName] = sessionId cpg.response.simpleCookie[cpg.configOption.sessionCookieName]['path'] = '/' cpg.response.simpleCookie[cpg.configOption.sessionCookieName]['version'] = 1 Now, you forgot something, eh? Like... cpg.response.simpleCookie[cpg.configOption.sessionCookieName]['max-age'] = \ int(cpg.configOption.sessionTimeout*60) }}}

Reported by rboerma

Comments (3)

  1. Anonymous

    You also should set expiry time; some browsers (IE?) require expiry time, some (FF?) are satisfied with max-age.

  2. Anonymous

    This is deliberate ... The cookie is a "session" cookie (ie: it has no "max-age" or "expires" header and expires when the user closes the browser). The cookie expires on the server side. What was the bug you were observing ? Please re-open this ticket to describe the bug.

  3. Log in to comment