Session timeout
508 views
Skip to first unread message
NguyendHEX
Mar 4, 2009, 11:20:44 PM3/4/09
to web2py Web Framework
I see the session processing at
http://groups.google.com/group/web2py/browse_thread/thread/14ec13e619fff190/d1799abb37d7d331?lnk=gst&q=session#d1799abb37d7d331
I don't know when session is cleared by web2py if the application
clear it manually.
http://groups.google.com/group/web2py/browse_thread/thread/14ec13e619fff190/d1799abb37d7d331?lnk=gst&q=session#d1799abb37d7d331
I don't know when session is cleared by web2py if the application
clear it manually.
NguyendHEX
Mar 8, 2009, 8:21:25 AM3/8/09
to web2py Web Framework
I need more infor about Session management by web2py core. Of course,
i can track user session at application level but if i have more than
one controller, i have manually update session at every controller by
setting last request.
1) assuming you use session.authorized to determine whether the
user
is logged in
2) set session.lasttime=time.time() immediately after login
3) place at the top of your controller:
if session.lasttime and session.lasttime<time.time()-600:
session.authorized=False
if session.authorized: session.lasttime=time.time()
So web2py core should handle session expiration instead of application
level or provide a hook function on user request.
any idea?
Thanks,
Nguyen
On Mar 5, 11:20 am, NguyendHEX <i...@dohoangnguyen.com> wrote:
> I see the session processing athttp://groups.google.com/group/web2py/browse_thread/thread/14ec13e619...
i can track user session at application level but if i have more than
one controller, i have manually update session at every controller by
setting last request.
1) assuming you use session.authorized to determine whether the
user
is logged in
2) set session.lasttime=time.time() immediately after login
3) place at the top of your controller:
if session.lasttime and session.lasttime<time.time()-600:
session.authorized=False
if session.authorized: session.lasttime=time.time()
So web2py core should handle session expiration instead of application
level or provide a hook function on user request.
any idea?
Thanks,
Nguyen
On Mar 5, 11:20 am, NguyendHEX <i...@dohoangnguyen.com> wrote:
> I see the session processing athttp://groups.google.com/group/web2py/browse_thread/thread/14ec13e619...
mdipierro
Mar 8, 2009, 11:45:40 AM3/8/09
to web2py Web Framework
session.authorized is transparent to web2py. It is a variable as any
other variable.
You need a line like
if not session.authorized: redirect(URL(r=request,f='not_authorized'))
other variable.
You need a line like
if not session.authorized: redirect(URL(r=request,f='not_authorized'))
Yarko Tymciurak
Mar 8, 2009, 6:36:16 PM3/8/09
to web...@googlegroups.com
I don't know the context of this, but note that you can set session timeout default for your web2py instance with
--timeout=TIMEOUT (in minutes)
NguyendHEX
Mar 10, 2009, 6:05:35 AM3/10/09
to web2py Web Framework
Thanks for your help.
I will dive into web2py source code i learn more.
I asked this question because of i am afraid of session record never
deleted from database (or file). If i use session.last_request to
track last request time, i have to update it every request (of course
every controller).
I will dive into web2py source code i learn more.
I asked this question because of i am afraid of session record never
deleted from database (or file). If i use session.last_request to
track last request time, i have to update it every request (of course
every controller).
Jim C
Mar 10, 2009, 12:43:49 PM3/10/09
to web2py Web Framework
On a separate but related session expiration issue, if you are using
the Auth class, there is an error with the logout method.
If your session has expired and you logout you will generate a ticket.
--Jim
the Auth class, there is an error with the logout method.
If your session has expired and you logout you will generate a ticket.
--Jim
Reply all
Reply to author
Forward
0 new messages