Session Expiration

[Saurabh Kumar]

What can cause a session to expire on server side? I have been facing the session expiration problem. I have already checked the 'expiration' field of the session.

What are all the possible cases that could lead to server expiration on server?

Session data just after log in:

{'_session_hash': 'ea152f552f6c88e598824b393cc650a6',

 '_user_agent': {'is_mobile': False, 'is_tablet': False},

 'auth': <Storage {'hmac_key': 'd4eea339-34f0-4e81-a8f5-54a68e8da363', 'user_groups': {1672: 'user_3747'}, 'expiration': 999999999, 'last_visit': datetime.datetime(2013, 11, 18, 15, 4, 6, 891109), 'user': <Row {some-data-here}>}>,

 'login_method': 'android_google',

 'mversion': '38'}

And it expires on its own after some time to:

{'_auth_next': '/app_init_data.json',

 '_formkey[login]': '426176a2-ad70-4af5-a146-0e7b16874d97',

 '_formkey[register]': 'f7ca1d03-2f5f-4d76-997b-1d7801b70d82',

 '_session_hash': '0e151d2a1dbb7242190fab4eaaf4a5d5',

 '_user_agent': {'is_mobile': False, 'is_tablet': False},

 'flash': ''}

I use the following function for login:

login_user(self, user)

[Massimo Di Pierro]

There is a cron job that expires sessions: 

https://github.com/web2py/web2py/blob/master/applications/admin/cron/crontab

You may want to remove it.

[Saurabh Kumar]

There is no such cron entry in my web2py application. There is one in admin app though. Will it affect my app too? Moreover, sessions are being stored in DB, expire_sessions.py seems to expire the on-disk sessions.

Moreover, as mentioned below, I have already set the expiration to a very large number ( 'expiration': 999999999). 

Is this script the only way for session expiration?

Saurabh

[Michele Comitini]

Try to see if what you have is expiration or something overwriting/deleting the session.

Maybe testing with small expiration timeouts can give you some hints.

Check the session stored in the db.

BTW do not use memcached to store sessions.

2013/11/19 Saurabh Kumar <saurab...@gmail.com>

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Saurabh Kumar]

This is the data stored in the DB table for sessions. I am not caching them using Memcached. The problem is that the Auth object in the session goes to None and which causes log out. Can some misbehaviour on client side cause this?

Session data just after log in:

{'_session_hash': 'ea152f552f6c88e598824b393cc650a6',

 '_user_agent': {'is_mobile': False, 'is_tablet': False},

 'auth': <Storage {'hmac_key': 'd4eea339-34f0-4e81-a8f5-54a68e8da363', 'user_groups': {1672: 'user_3747'}, 'expiration': 999999999, 'last_visit': datetime.datetime(2013, 11, 18, 15, 4, 6, 891109), 'user': <Row {some-data-here}>}>,

 'login_method': 'android_google',

 'mversion': '38'}

And it expires on its own after some time to:

{'_auth_next': '/app_init_data.json',

 '_formkey[login]': '426176a2-ad70-4af5-a146-0e7b16874d97',

 '_formkey[register]': 'f7ca1d03-2f5f-4d76-997b-1d7801b70d82',

 '_session_hash': '0e151d2a1dbb7242190fab4eaaf4a5d5',

 '_user_agent': {'is_mobile': False, 'is_tablet': False},

 'flash': ''}

I use the following function for login:

login_user(self, user)

[Massimo Di Pierro]

That works for all apps but requires a cron process running. May not be your problem.

Can you give us more details about your setup (server,version, etc)?

[Saurabh Kumar]

I am using Web2py Version 2.4.2. It has been configured with Apache using wsgi. Sessions are being stored in MySql DB.