Beaker sessions & removing browser cookie

[Mark Huang]

Hi all,

I'm using beaker sessions in my pyramid application.  I am using session.type = file.  I currently have a problem:

When the user hits the login page, he is able to login.  However, if he logs out (loggin out will bring him back to the login page) and doesn't close the browser window, the next day (24 hours later), he won't be able to login.  The beaker session configuration is as follows:

session.auto = true

session.type = file

session.data_dir = %(here)s/data/sessions/data

session.lock_dir = %(here)s/data/sessions/lock

session.key = xyz

session.secret = xyz

session.cookie_on_exception = true

I checked Google Chromes Web Inspector and it seems like a cookie is being stored on the client side, EVEN THOUGH session.type = file.  Why is this so?  After removing this cookie, the user is able to login as per usual again.  Is this a common problem?  If so, how can I solve this?

[Michael Merickel]

The session identifier is stored in a cookie, otherwise you have no
idea which session to use from the file store. I believe beaker
defaults to session cookies (meaning the cookies disappear when the
browser closes). Login/Logout is an independent problem and is
dictated by which authentication policy you're using in Pyramid. If
you're using the SessionAuthenticationPolicy then you need to be
calling remember()/forget() which store the authentication state
within the cookie.

> --
> You received this message because you are subscribed to the Google Groups
> "pylons-discuss" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/pylons-discuss/-/e4Dn_6GhJVIJ.
> To post to this group, send email to pylons-...@googlegroups.com.
> To unsubscribe from this group, send email to
> pylons-discus...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/pylons-discuss?hl=en.