I saw I can set up session timout configuring beaker.session.timeout insisde dev.ini. It works ok, but, is there any way to force going to logout handler url when any controller method gets calles once the session has timed out?
Hola Juan,
The age of the cookie which is used to store your credentials, will make
that cookie to be invalid (outdated) once it expires. As far as i know you
dont have to do anything.
Saludos
León Domingo
El 01/06/2012 22:17, "Juan Antonio Ibáñez" <juanito1...@gmail.com> escribió:
> I saw I can set up session timout configuring beaker.session.timeout
> insisde dev.ini. It works ok, but, is there any way to force going to
> logout handler url when any controller method gets calles once the session
> has timed out?
> Regards
> --
> You received this message because you are subscribed to the Google Groups
> "TurboGears" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/turbogears/-/6M0vDiOlqucJ.
> To post to this group, send email to turbogears@googlegroups.com.
> To unsubscribe from this group, send email to
> turbogears+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/turbogears?hl=en.
I can see as session gets destroyed but I can still call controllers methods without being redirected to logout handler. All these methods have @require predicates. I read something about that repoze uses a different cookie than beaker to maintain the login auth
El sábado, 2 de junio de 2012 01:46:29 UTC+2, León Domingo escribió:
> Hola Juan,
> The age of the cookie which is used to store your credentials, will make > that cookie to be invalid (outdated) once it expires. As far as i know you > dont have to do anything.
> Saludos
> León Domingo
> El 01/06/2012 22:17, "Juan Antonio Ibáñez" <juanito1...@gmail.com> > escribió:
>> Hello boys,
>> I saw I can set up session timout configuring beaker.session.timeout >> insisde dev.ini. It works ok, but, is there any way to force going to >> logout handler url when any controller method gets calles once the session >> has timed out?
>> Regards
>> -- >> You received this message because you are subscribed to the Google Groups >> "TurboGears" group.
>> To view this discussion on the web visit >> https://groups.google.com/d/msg/turbogears/-/6M0vDiOlqucJ.
>> To post to this group, send email to turbogears@googlegroups.com.
>> To unsubscribe from this group, send email to >> turbogears+unsubscribe@googlegroups.com.
>> For more options, visit this group at >> http://groups.google.com/group/turbogears?hl=en.
Yes, authentication and session use two different cookies.
You can expire auth cookie using both using tg.response.delete_cookie
or request.environ['repoze.who.plugins']['main_identifier'].forget
method.
On Sat, Jun 2, 2012 at 8:14 AM, Juan Antonio Ibáñez
<juanito1...@gmail.com> wrote:
> I can see as session gets destroyed but I can still call controllers methods
> without being redirected to logout handler. All these methods have @require
> predicates. I read something about that repoze uses a different cookie than
> beaker to maintain the login auth
> El sábado, 2 de junio de 2012 01:46:29 UTC+2, León Domingo escribió:
>> Hola Juan,
>> The age of the cookie which is used to store your credentials, will make
>> that cookie to be invalid (outdated) once it expires. As far as i know you
>> dont have to do anything.
>> Saludos
>> León Domingo
>> El 01/06/2012 22:17, "Juan Antonio Ibáñez" <juanito1...@gmail.com>
>> escribió:
>>> Hello boys,
>>> I saw I can set up session timout configuring beaker.session.timeout
>>> insisde dev.ini. It works ok, but, is there any way to force going to logout
>>> handler url when any controller method gets calles once the session has
>>> timed out?
>>> Regards
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "TurboGears" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/turbogears/-/6M0vDiOlqucJ.
>>> To post to this group, send email to turbogears@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> turbogears+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/turbogears?hl=en.
> To post to this group, send email to turbogears@googlegroups.com.
> To unsubscribe from this group, send email to
> turbogears+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/turbogears?hl=en.
What I need is to know how to set up auth session duration, to be renewed
in each controller method call and to be redirected to logout handler when
a controller method gets called once auth session has expired
El 02/06/2012 12:16, "Alessandro Molina" <alessandro.mol...@gmail.com>
escribió:
> Yes, authentication and session use two different cookies.
> You can expire auth cookie using both using tg.response.delete_cookie
> or request.environ['repoze.who.plugins']['main_identifier'].forget
> method.
> On Sat, Jun 2, 2012 at 8:14 AM, Juan Antonio Ibáñez
> <juanito1...@gmail.com> wrote:
> > I can see as session gets destroyed but I can still call controllers
> methods
> > without being redirected to logout handler. All these methods have
> @require
> > predicates. I read something about that repoze uses a different cookie
> than
> > beaker to maintain the login auth
> > El sábado, 2 de junio de 2012 01:46:29 UTC+2, León Domingo escribió:
> >> Hola Juan,
> >> The age of the cookie which is used to store your credentials, will make
> >> that cookie to be invalid (outdated) once it expires. As far as i know
> you
> >> dont have to do anything.
> >> Saludos
> >> León Domingo
> >> El 01/06/2012 22:17, "Juan Antonio Ibáñez" <juanito1...@gmail.com>
> >> escribió:
> >>> Hello boys,
> >>> I saw I can set up session timout configuring beaker.session.timeout
> >>> insisde dev.ini. It works ok, but, is there any way to force going to
> logout
> >>> handler url when any controller method gets calles once the session has
> >>> timed out?
> >>> Regards
> >>> --
> >>> You received this message because you are subscribed to the Google
> Groups
> >>> "TurboGears" group.
> >>> To view this discussion on the web visit
> >>> https://groups.google.com/d/msg/turbogears/-/6M0vDiOlqucJ.
> >>> To post to this group, send email to turbogears@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> >>> turbogears+unsubscribe@googlegroups.com.
> >>> For more options, visit this group at
> >>> http://groups.google.com/group/turbogears?hl=en.
> > To post to this group, send email to turbogears@googlegroups.com.
> > To unsubscribe from this group, send email to
> > turbogears+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/turbogears?hl=en.
> --
> You received this message because you are subscribed to the Google Groups
> "TurboGears" group.
> To post to this group, send email to turbogears@googlegroups.com.
> To unsubscribe from this group, send email to
> turbogears+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/turbogears?hl=en.
On Sat, Jun 2, 2012 at 12:48 PM, Juan Antonio Ibañez Santorum
<juanito1...@gmail.com> wrote:
> What I need is to know how to set up auth session duration, to be renewed in
> each controller method call and to be redirected to logout handler when a
> controller method gets called once auth session has expired
You can easily achieve this by checking in BaseController.__call__ for
session expiration and renew it every time.
Another option is to store, instead of using a Beaker session, your
data into request.identity['userdata'] which will last until the user
is logged.
Beaker session is mostly provided as a way to store temporary data
related to the browsing session instead of user or when no
authentication is provided.
Thank you very much Alessandro. I think I've found the way to set auth
cookie timeout setting following options in dev.ini:
base_config.sa_auth.cookie_timeout = X
base_config.sa_auth.cookie_reissue_time = Y
As I can read in repoze docs, AuthTktCookiePlugin: "If reissue_time is
specified, when we encounter a cookie that is older than the reissue time
(in seconds), but younger that the timeout, a new cookie will be issued. If
timeout is specified, you must also set reissue_time to a lower value."
> On Sat, Jun 2, 2012 at 12:48 PM, Juan Antonio Ibañez Santorum
> <juanito1...@gmail.com> wrote:
> > What I need is to know how to set up auth session duration, to be
> renewed in
> > each controller method call and to be redirected to logout handler when a
> > controller method gets called once auth session has expired
> You can easily achieve this by checking in BaseController.__call__ for
> session expiration and renew it every time.
> Another option is to store, instead of using a Beaker session, your
> data into request.identity['userdata'] which will last until the user
> is logged.
> Beaker session is mostly provided as a way to store temporary data
> related to the browsing session instead of user or when no
> authentication is provided.
> --
> You received this message because you are subscribed to the Google Groups
> "TurboGears" group.
> To post to this group, send email to turbogears@googlegroups.com.
> To unsubscribe from this group, send email to
> turbogears+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/turbogears?hl=en.
> Thank you very much Alessandro. I think I've found the way to set auth
> cookie timeout setting following options in dev.ini:
> base_config.sa_auth.cookie_timeout = X
> base_config.sa_auth.cookie_reissue_time = Y
> As I can read in repoze docs, AuthTktCookiePlugin: "If reissue_time is
> specified, when we encounter a cookie that is older than the reissue time
> (in seconds), but younger that the timeout, a new cookie will be issued. If
> timeout is specified, you must also set reissue_time to a lower value."
>> On Sat, Jun 2, 2012 at 12:48 PM, Juan Antonio Ibañez Santorum
>> <juanito1...@gmail.com> wrote:
>> > What I need is to know how to set up auth session duration, to be
>> renewed in
>> > each controller method call and to be redirected to logout handler when
>> a
>> > controller method gets called once auth session has expired
>> You can easily achieve this by checking in BaseController.__call__ for
>> session expiration and renew it every time.
>> Another option is to store, instead of using a Beaker session, your
>> data into request.identity['userdata'] which will last until the user
>> is logged.
>> Beaker session is mostly provided as a way to store temporary data
>> related to the browsing session instead of user or when no
>> authentication is provided.
>> --
>> You received this message because you are subscribed to the Google Groups
>> "TurboGears" group.
>> To post to this group, send email to turbogears@googlegroups.com.
>> To unsubscribe from this group, send email to
>> turbogears+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/turbogears?hl=en.
> On Sat, Jun 2, 2012 at 12:48 PM, Juan Antonio Ibañez Santorum > <juanito1...@gmail.com> wrote: > > What I need is to know how to set up auth session duration, to be > renewed in > > each controller method call and to be redirected to logout handler when > a > > controller method gets called once auth session has expired
> You can easily achieve this by checking in BaseController.__call__ for > session expiration and renew it every time.
> Another option is to store, instead of using a Beaker session, your > data into request.identity['userdata'] which will last until the user > is logged. > Beaker session is mostly provided as a way to store temporary data > related to the browsing session instead of user or when no > authentication is provided.
