Added SESSION_REFRESH_EACH_REQUEST config option.

This also changes how sessions are being refreshed. With the new behavior set-cookie is only emitted if the session is modified or if the session is permanent. Permanent sessions can be set to not refresh automatically through the SESSION_REFRESH_EACH_REQUEST config key. This fixes #798.
2013-07-30 16:43:54 +02:00 · 2013-07-30 16:43:54 +02:00 · d1d835c023
commit d1d835c023
parent 1a66a7e110
5 changed files with 96 additions and 0 deletions
--- a/docs/config.rst
+++ b/docs/config.rst
@ -88,6 +88,15 @@ The following configuration values are used internally by Flask:
                                  :class:`datetime.timedelta` object.
                                  Starting with Flask 0.8 this can also be
                                  an integer representing seconds.
+``SESSION_REFRESH_EACH_REQUEST``  this flag controls how permanent
+                                  sessions are refresh.  If set to `True`
+                                  (which is the default) then the cookie
+                                  is refreshed each request which
+                                  automatically bumps the lifetime.  If
+                                  set to `False` a `set-cookie` header is
+                                  only sent if the session is modified.
+                                  Non permanent sessions are not affected
+                                  by this.
 ``USE_X_SENDFILE``                enable/disable x-sendfile
 ``LOGGER_NAME``                   the name of the logger
 ``SERVER_NAME``                   the name and port number of the server.
@ -210,6 +219,9 @@ The following configuration values are used internally by Flask:
 .. versionadded:: 0.10
   ``JSON_AS_ASCII``, ``JSON_SORT_KEYS``, ``JSONIFY_PRETTYPRINT_REGULAR``

+.. versionadded:: 1.0
+   ``SESSION_REFRESH_EACH_REQUEST``
+
 Configuring from Files
 ----------------------