0

I am trying to set cookies to never expire (even after browser has been closed) in Google App Engine using the documentation for webapp2 sessions and building a response. I've tried:

Code snippet 1:

from webapp2
from webapp2_extras import sessions

class MainHandler(webapp2.RequestHandler):
    def never_expire_session(self):
        sessions.get_session(name='my_session', max_age=2147483647)

    @login_required
    def get(self):
    ....
    html_template = JINJA_ENVIRONMENT.get_template('index.html').render(myapp)
    self.response.out.write(html_template)

OR

Code snippet 2:

class MainHandler(webapp2.RequestHandler):
    def never_expire_session(self):
        return self.response.set_cookie('my_session', max_age=2147483647)

    @login_required
    def get(self):
    ....
    html_template = JINJA_ENVIRONMENT.get_template('index.html').render(myapp)
    self.never_expire_session()
    self.response.out.write(html_template)

Code Snippet 2 results in a response of NoneNone. (Not sure the output of the first code snippet.)

I have also tried the answer here, that recommends configuring the parameters:

config = {}
config['webapp2_extras.sessions'] = {'session_max_age': 2147483647}
....
....
app = webapp2.WSGIApplication([
....
], debug=True, config=config)

I've cleared my cookies, restarted my browser, and checked the console and the cookie value shows as a randomly generated sequence of numbers and letters and the expiration of the cookie is set to one year from datetime.now. Nothing I've tried works.

How can I correctly set the session cookie so it never expires, even on browser exit?

Community
  • 1
  • 1
bruntime
  • 371
  • 2
  • 13
  • What are those first two snippets supposed to be doing? What is calling `never_expire_session`? Why do you switch between cookies and sessions? – Daniel Roseman Jan 25 '17 at 15:34
  • I believe I should be using cookies based on the documentation and Stackoverflow questions I've read so far. But in this [post](http://stackoverflow.com/questions/3684620/is-possible-to-keep-session-even-after-the-browser-is-closed), @jwueller states, "Sessions work with cookies, which are deleted when the browser is closed, unless they have a specific life-time." From my understanding, if I extend session max-age, it will do the same thing as using a cookie? So Code Snippet 1 and 2 are essentially supposed to do the same thing: extend the session max-age. I just don't know which to use. – bruntime Jan 25 '17 at 16:07
  • Updated code to include where I call `never_expire_session` (in Code snippet 2) – bruntime Jan 25 '17 at 18:58

2 Answers2

0

I was experiencing a caching issue which prevented my session cookie from showing in the developer console and being applied. After erasing the browser history and restarting my computer, it cleared the cache. Eventually I got it to work with the following:

from webapp2

class MainHandler(webapp2.RequestHandler):
    def get(self):
         the_value = ''.join(SystemRandom().choice(string.digits _ string.ascii_lowercase) for_in range (50))
         max_age = 2147483647
         # max age for Internet Explorer
         cookie_expires = datetime.datetime.now() + datetime.timedelta (200)
         return self.response.set_cookie('my_cookie', the_value, max_age=max_age, httponly=True, secure=True)

NOTE: if you want to apply this change to a specific cookie, rename "my_cookie" to that cookie (i.e. "SACSID" a cookie on many Google applications)

bruntime
  • 371
  • 2
  • 13
0

We can even do this using webapp2_extras.sessions, no need for response.set_cookie(...). There's a default_config dictionary in webapp2_extras.sessions, just set the max_age to 2147483647 or whatever time (in seconds) works for you, it should work. Worked in my case. Look over the official documentation for more info about default_config.

sessions.default_config['cookie_args']['max_age'] = 2147483647