If you restart the app with runserver while creating the django app
Even if I reloaded the screen or hit the URL directly, I was still logged in.
I doubted the @login_required defined in views.py, but there was no problem.
When is the login session updated in the first place? Make a memorandum of what you have learned about the login session, how long it will be retained.
For the django session, I mainly referred to ↓
Session information manages session information data in the django_sessino table. Session data is inserted at login, and session data is deleted at logout. That is, authentication is in progress while session information data is registered in the django_sessino table.
The above is how to manage sessions using the database. Session management methods using files and cookies are excluded.
Whether to discard the session when the browser is closed is controlled by the parameter SESSION_EXPIRE_AT_BROWSER_CLOSE, and the default value is ** False **.
Session at browser exit
If SESSION_EXPIRE_AT_BROWSER_CLOSE is False, the session information is stored in the user's cookie.
The retention period is controlled by the SESSION_COOKIE_AGE parameter and the default value is 1209600 (** 2 weeks in seconds **).
SESSION_EXPIRE_AT_BROWSER_CLOSE to True if you want to enable login sessions while the screen is open.SESSION_EXPIRE_AT_BROWSER_CLOSE as False and SESSION_COOKIE_AGE as the period.Recommended Posts