Redirection on session timeout
327 views
Skip to first unread message
Juan Antonio Ibáñez
Jun 1, 2012, 4:17:41 PM6/1/12
to turbo...@googlegroups.com
Hello boys,
I saw I can set up session timout configuring beaker.session.timeout insisde dev.ini. It works ok, but, is there any way to force going to logout handler url when any controller method gets calles once the session has timed out?
Regards
León Domingo
Jun 1, 2012, 7:46:29 PM6/1/12
to turbo...@googlegroups.com
Hola Juan,
The age of the cookie which is used to store your credentials, will make that cookie to be invalid (outdated) once it expires. As far as i know you dont have to do anything.
Saludos
León Domingo
--
You received this message because you are subscribed to the Google Groups "TurboGears" group.
To view this discussion on the web visit https://groups.google.com/d/msg/turbogears/-/6M0vDiOlqucJ.
To post to this group, send email to turbo...@googlegroups.com.
To unsubscribe from this group, send email to turbogears+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.
Juan Antonio Ibáñez
Jun 2, 2012, 2:14:28 AM6/2/12
to turbo...@googlegroups.com
I can see as session gets destroyed but I can still call controllers methods without being redirected to logout handler. All these methods have @require predicates. I read something about that repoze uses a different cookie than beaker to maintain the login auth
El sábado, 2 de junio de 2012 01:46:29 UTC+2, León Domingo escribió:
El sábado, 2 de junio de 2012 01:46:29 UTC+2, León Domingo escribió:
Hola Juan,
The age of the cookie which is used to store your credentials, will make that cookie to be invalid (outdated) once it expires. As far as i know you dont have to do anything.Saludos
León Domingo
El 01/06/2012 22:17, "Juan Antonio Ibáñez" <juani...@gmail.com> escribió:
Hello boys,I saw I can set up session timout configuring beaker.session.timeout insisde dev.ini. It works ok, but, is there any way to force going to logout handler url when any controller method gets calles once the session has timed out?Regards--
You received this message because you are subscribed to the Google Groups "TurboGears" group.
To view this discussion on the web visit https://groups.google.com/d/msg/turbogears/-/6M0vDiOlqucJ.
To post to this group, send email to turbo...@googlegroups.com.
To unsubscribe from this group, send email to turbogears+unsubscribe@googlegroups.com.
Alessandro Molina
Jun 2, 2012, 6:16:40 AM6/2/12
to turbo...@googlegroups.com
Yes, authentication and session use two different cookies.
You can expire auth cookie using both using tg.response.delete_cookie
or request.environ['repoze.who.plugins']['main_identifier'].forget
method.
>>> turbogears+...@googlegroups.com.
You can expire auth cookie using both using tg.response.delete_cookie
or request.environ['repoze.who.plugins']['main_identifier'].forget
method.
> --
> You received this message because you are subscribed to the Google Groups
> "TurboGears" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/turbogears/-/q3nvgBdxpNkJ.
> You received this message because you are subscribed to the Google Groups
> "TurboGears" group.
> To view this discussion on the web visit
>
> To post to this group, send email to turbo...@googlegroups.com.
> To unsubscribe from this group, send email to
> turbogears+...@googlegroups.com.
> To post to this group, send email to turbo...@googlegroups.com.
> To unsubscribe from this group, send email to
Juan Antonio Ibañez Santorum
Jun 2, 2012, 6:48:55 AM6/2/12
to turbo...@googlegroups.com
What I need is to know how to set up auth session duration, to be renewed in each controller method call and to be redirected to logout handler when a controller method gets called once auth session has expired
Alessandro Molina
Jun 2, 2012, 12:30:14 PM6/2/12
to turbo...@googlegroups.com
On Sat, Jun 2, 2012 at 12:48 PM, Juan Antonio Ibañez Santorum
<juani...@gmail.com> wrote:
> What I need is to know how to set up auth session duration, to be renewed in
> each controller method call and to be redirected to logout handler when a
> controller method gets called once auth session has expired
>
You can easily achieve this by checking in BaseController.__call__ for
<juani...@gmail.com> wrote:
> What I need is to know how to set up auth session duration, to be renewed in
> each controller method call and to be redirected to logout handler when a
> controller method gets called once auth session has expired
>
session expiration and renew it every time.
Another option is to store, instead of using a Beaker session, your
data into request.identity['userdata'] which will last until the user
is logged.
Beaker session is mostly provided as a way to store temporary data
related to the browsing session instead of user or when no
authentication is provided.
Juan Antonio Ibañez Santorum
Jun 2, 2012, 2:20:34 PM6/2/12
to turbo...@googlegroups.com
Thank you very much Alessandro. I think I've found the way to set auth cookie timeout setting following options in dev.ini:
base_config.sa_auth.cookie_timeout = X
base_config.sa_auth.cookie_reissue_time = Y
As I can read in repoze docs, AuthTktCookiePlugin: "If reissue_time is specified, when we encounter a cookie that is older than the reissue time (in seconds), but younger that the timeout, a new cookie will be issued. If timeout is specified, you must also set reissue_time to a lower value."
Juan Antonio Ibañez Santorum
Jun 2, 2012, 2:27:12 PM6/2/12
to turbo...@googlegroups.com
Sorry, config must be done in app_cfg.py not in dev.ini
Juan Antonio Ibáñez
Jul 14, 2012, 5:06:03 PM7/14/12
to turbo...@googlegroups.com
How
request.identity['userdata'] must be used?
I did some test but I am not be able to store/recover data into it.
Regards
Reply all
Reply to author
Forward
0 new messages