auth_user boolean extrafield odd behavior

[Pierre]

Hi,

I defined an auth_user  boolean extra field which default value is False then I updated its value to True
Now if I login with this user and try to access the boolean value via auth.user.extraField it's still False
here is the controller.function:

def auser():
    u= auth.user.username
    m = auth.user.email
    g= auth.user.geolocated
    r= db.auth_user(id=auth.user_id)
    gg = r.geolocated
    return locals()

this gives : g=False and  gg=True  


here is the field definition in db.py:

auth = Auth(db)

auth.settings.extra_fields['auth_user']=[Field('geolocated','boolean', default=False)]

[Anthony]

When a user is logged in, the user record (i.e., auth.user) is stored in the session -- it does not get updated from the database on every request, as that would require too many database hits. It will be updated the next time that user logs in.

Anthony

[Pierre]

oups.....this was a bad idea. I will never do it again
I didn't know auth_user was so "ticklish" (especially under the arms)....it probably depends on the current user.......


thanks Anthony

[Pierre]

Does session.forget() affects the way users login/logout/signup......etc ?

should  session.forget()  be placed in every controller function or is there a way to apply it globally ?

[Anthony]

On Monday, May 30, 2016 at 6:56:30 AM UTC-4, Pierre wrote:

Does session.forget() affects the way users login/logout/signup......etc ?

should  session.forget()  be placed in every controller function or is there a way to apply it globally ?

Not sure what you're getting at with regard to this issue. session.forget() just tells the session not to bother saving itself for the current request -- it does not erase or clear the session. What are you trying to do?

Anthony

[Pierre]

I am trying to optimize things: I don't need to store anything in the session so I thought I could apply session.forget() once and that would be true for all  application controllers functions

[Anthony]

On Tuesday, May 31, 2016 at 4:24:20 AM UTC-4, Pierre wrote:

I am trying to optimize things: I don't need to store anything in the session so I thought I could apply session.forget() once and that would be true for all  application controllers functions

You must call session.forget() sometime during the request for any request in which you don't need the session. Of course, that means if you call session.forget() in a model, it will affect all requests, because models are run on all requests. However, Auth actions require the session, as well as pages with forms (the session is used to store the CSRF token) -- so you will need some logic to ensure the session is not disabled for all requests.

Also, note that session.forget() won't necessarily lead to a big performance boost because when the session remains unchanged during a request, it is not saved back out to disk (or the db) anyway. The only savings will be from the fact that the session will not need to determine whether it has changed (which involves a pickle and hash operation).

Anthony