Skip to first unread message
A3
Apr 21, 2017, 5:04:11 AM4/21/17
to web2py-users
Using auth and auth.settings.expiration the login expires correctly, when you refresh manually or click a button or menu it redirects to login.
My problem is that the page last shown before it expired remains visible.
There is no automatic redirecting just after the expiration time has passed.
What can I do to automatically redirect it at expiration time?
Any help is very welcome.
Anthony
Apr 21, 2017, 5:01:41 PM4/21/17
to web2py-users
You could include some JS in the layout that has the desired time to expiration in a JS variable and automatically does a client-side redirect to the logout URL after the expiration time.
Anthony
Anthony
A3
Apr 24, 2017, 6:52:16 AM4/24/17
to web2py-users
Thanks, I thought there was a standard solution.
I tried this:
add this scrip to layout:
<script>
var time = new Date().getTime();
$(document.body).bind("mousemove keypress", function(e) {
time = new Date().getTime();
});
function refresh() {
if(new Date().getTime() - time >= 60000)
ajax("{{=URL('default', 'login_status')}}", [], ':eval')
else
setTimeout(refresh, 10000);
}
setTimeout(refresh, 10000);
</script>
and this function to the default controller.
def login_status():
if auth.user:
return '' # user is still logged in
else:
redirect(URL('default', 'index'), client_side=True)
The java script checks every 10 second for mouse activity: if there is 60 seconds no activity it will make an ajax call to see if the user is still logged in.
if not logged in it will redirect.
Unfortunately it doesn't work:
I hoped it worked but it seems that the ajax call keeps the user logged in.
Is it possible to read the time left from auth.settings.expiration ?
Anthony
Apr 24, 2017, 3:49:56 PM4/24/17
to web2py-users
On Monday, April 24, 2017 at 6:52:16 AM UTC-4, A3 wrote:
Thanks, I thought there was a standard solution.
This is not a very common pattern except on highly secure websites (e.g., banking).
Unfortunately it doesn't work:I hoped it worked but it seems that the ajax call keeps the user logged in.Is it possible to read the time left from auth.settings.expiration ?
Why not just use the value of auth.settings.expiration directly in your Javascript? When the page first loads, you want to force the user to log out if that much time expires with no activity, right?
Anthony
Dave S
Apr 24, 2017, 3:58:45 PM4/24/17
to web2py-users
On Monday, April 24, 2017 at 12:49:56 PM UTC-7, Anthony wrote:
On Monday, April 24, 2017 at 6:52:16 AM UTC-4, A3 wrote:Thanks, I thought there was a standard solution.
This is not a very common pattern except on highly secure websites (e.g., banking).
Indeed, a common use of a webpage is as a reference while you're working on a relevant task in another window,
and having it wiped out because of a timer would be annoying. Tradeoffs are everywhere.
Unfortunately it doesn't work:I hoped it worked but it seems that the ajax call keeps the user logged in.
That's also why an html refresh header wouldn't work :-)
Is it possible to read the time left from auth.settings.expiration ?
Why not just use the value of auth.settings.expiration directly in your Javascript? When the page first loads, you want to force the user to log out if that much time expires with no activity, right?
Sounds good. There's just that little matter that some of us need to be reminded of the ways to pass python values to Javascript.
/dps
A3
Apr 25, 2017, 9:57:31 AM4/25/17
to web2py-users
Anthony your right, I was just looking in the wrong direction.
What about something like:
def index():
timeout = auth.settings.expiration
return dict( timeout=timeout)
or put the variable timeout in the layout directly to simplify.
And in the layout
<script>
var timeout = {{=timeout}};
var time = new Date().getTime();
var refreshrate = 10000;
$(document.body).bind("mousemove keypress", function(e) {
time = new Date().getTime();
});
function refresh() {
if(new Date().getTime() - time >= timeout*1000) {
window.location.replace("{{=URL('user',args=['logout'], vars=dict(_next=URL('index')))}}" );
}
else {
setTimeout(refresh, refreshrate);
}
}
setTimeout(refresh, refreshrate);
refresh();
</script>
can anybody give a clue how to do the redirect properly?
Anthony
Apr 25, 2017, 10:02:42 AM4/25/17
to web2py-users
I would put the timeout value directly in the JS, as in your second example. To redirect, just set the value of location:
location = [logout url];
Anthony
location = [logout url];
Anthony
Reply all
Reply to author
Forward
0 new messages