Session / Originating IP

25 views
Skip to first unread message

clara

unread,
Jul 7, 2020, 11:35:32 AM7/7/20
to web2py-users
Hello,
I store sessions in database, and I see that originating IP is one the fields in the table along with the session unique_key. 
Let's assume I established a new session with my web2py site, let's say from my mobile, today. Session expires in a month-time. 
If I connect to the site tomorrow, but my mobile operator has assigned me a different IP address, would web2py "re-use" yesterday's session ? Or start a brand-new session?
In other words, what role does IP information play in the session database, is it only informative?
Thanks in advance for your help,
Clara




Jose C

unread,
Jul 8, 2020, 3:59:46 PM7/8/20
to web2py-users
I haven't looked into the code specifically, but can tell you that when I change IP's mid session, (by connecting to a VPN) it has no impact on the session being used at the time.  That is, the same session continues to be used in all interactions with the site.

I use redis to store my sessions but can't imagine that the session handling code would be different depending on where the session is stored.

From mobile, the easiest way to test would be connect via your provider's connection (and ip), establish a session to your site,  then disconnect mobile data and connect to your site again with your local wi-fi connection (which is a different ip).  Should give you the answer.

Hope that helps,

Jose



Clara Ferrando

unread,
Jul 8, 2020, 4:20:08 PM7/8/20
to web...@googlegroups.com
Hello José, 

Thanks for your reply.
I think you are right. I was somewhat confused because on mobile I notice the web2py application asks me to re-login almost daily. 
Not sure why yet...

Regards,
Clara

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/527N0bMMzNg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/4287e578-1f01-42a4-bb76-e73c44caf269o%40googlegroups.com.

Jose C

unread,
Jul 8, 2020, 6:08:29 PM7/8/20
to web2py-users
If I recall correctly, the default login expiration for the standard web2py login functionality is 1 hour (from last access).

If you enable the 'remember me' checkbox on login it should set the expiry to 30 days (by default).  You should also be able to set a custom long expiration time with auth.settings.long_expiration: 

For example, I have this in one of my model files which keeps me logged in for a month:

auth.settings.long_expiration = 2592000    # seconds in one month
auth.settings.remember_me_form = True
auth.messages.label_remember_me = "Remember me (for 30 days)"


HTH,
Jose

Reply all
Reply to author
Forward
0 new messages