Detecting if a session has ended


Sathvik Ponangi

Nov 9, 2011, 12:58:12 PM
to web...@googlegroups.com
Is there some way that I could call a function when the user ends their session?

Massimo Di Pierro

Nov 9, 2011, 2:14:56 PM
to web2py-users
Sessions never end. Do you want to detect logout?

auth.settings.logout_onlogout = lambda user: do_something_with(user)

Richard Vézina

Nov 9, 2011, 2:37:26 PM
to web...@googlegroups.com
Nice approach, so I could update a custom field in auth_user and set it to true or false at login and logout?

How may I set my flag to true?

Is there an auth.settings.login_onlogin?

Thanks

Richard 

Massimo Di Pierro

Nov 9, 2011, 4:23:54 PM
to web2py-users
They are usually called

auth.settings.login_onaccept = lambda form: ..
auth.settings.profile_onaccept = lambda form: ..
auth.settings.<method>_onaccept = lambda form: ..

and they all take the form.

The name exception is

auth.settings.logout_onlogout = lambda user: ...

because there is no form to fill on logout but there is a user.

Richard Vézina

Nov 9, 2011, 5:14:25 PM
to web...@googlegroups.com
Thank you!

Richard

Sathvik Ponangi

Nov 11, 2011, 1:06:46 AM
to web...@googlegroups.com
I'm using a Users table & sessions to handle users.

db.define_table('users', 
                    db.Field('name', 'string'),
                    db.Field('password', 'password'),#If local user
                    db.Field('active', 'boolean', default=False),
                    db.Field('uid', 'string'),
                    db.Field('slinked', 'string', default=""),#Redirect to a linked account
                    db.Field('last_in', 'datetime', default=request.now),
                    db.Field('date', 'datetime', default=request.now, writable=False)
                )
 
Is it a good idea to switch over to auth? If so, how do I do it?

--
Sathvik Ponangi

Bruno Rocha

Nov 11, 2011, 1:21:51 AM
to web...@googlegroups.com
On Wed, Nov 9, 2011 at 5:14 PM, Massimo Di Pierro <massimo....@gmail.com> wrote:
> auth.settings.logout_onlogout = lambda user: do_something_with(user)

Why don't we clean the specific session file/registry when the user logs out?

auth.settings.logout_onlogout = lambda user: remove_session(user)

Is there a problem with doing that?


--

Anthony

Nov 11, 2011, 3:08:18 AM
to web...@googlegroups.com
On Friday, November 11, 2011 1:21:51 AM UTC-5, rochacbruno wrote:
> On Wed, Nov 9, 2011 at 5:14 PM, Massimo Di Pierro <massimo....@gmail.com> wrote:
> > auth.settings.logout_onlogout = lambda user: do_something_with(user)
>
> Why don't we clean the specific session file/registry when the user logs out?
>
> auth.settings.logout_onlogout = lambda user: remove_session(user)
>
> Is there a problem with doing that?

Maybe not by default, though -- logging out doesn't necessarily have to end the browser session.
 

Richard Vézina

Nov 14, 2011, 2:37:38 PM
to web...@googlegroups.com
Hello Sathvik,

Do you use the RBAC web2py feature?

How does your "last_in" get updated when the user logs on?


Ok, I just re-read your email; you don't use auth...

I think personalising the auth_user table (or any other name you give it) and appending a boolean "logged_on" (TRUE/FALSE) field could do it, in conjunction with:

auth.settings.login_onaccept = lambda form: user_logged_on_update('True')


auth.settings.logout_onlogout = lambda user: user_logged_on_update('False')

Since we can't assign in a lambda, using a sub-function that updates auth_user.logged_on=True or auth_user.logged_on=False will do it.

Note : It's just pseudo code... I can report here when I get a working implementation...

:)

Richard

Richard Vézina

Nov 14, 2011, 4:05:45 PM
to web...@googlegroups.com
Here it is:

Redefine the auth table like this:
auth_table = db.define_table(
    auth.settings.table_user_name,


Append this field to the default auth user fields:

    Field('logged_on','boolean', writable=False, readable=False, default=None),
 

Then I put these lines into db.py, which contains my redefined auth table, and that's it (other model files contain the rest of my table models):

auth.settings.login_onaccept = lambda form: user_logged_on_update('True', auth.user and auth.user.id)
auth.settings.logout_onlogout = lambda user: user_logged_on_update('False', user.id)

def user_logged_on_update(flag, user_id):
    """
    Update of "logged_on" auth_user field. True = logged on.
    """
    if user_id != None and flag != None:
        db.auth_user[user_id] = dict(logged_on = flag)
    return

I know that functions don't go into models, so it would probably fit best in a module... But to allow the lambda functions to call it I will have to import them, so... I don't know what the best practice is...

Also, I get the user id at login accept by calling: auth.user and auth.user.id

But does the form contain the user id?

What do you think about that?

Richard

Richard Vézina

Nov 15, 2011, 1:35:53 PM
to web...@googlegroups.com
I see 2 issues with this method:

1) If the user closes his browser instead of disconnecting properly first...

2) The user uses the long expiration option (I will be disabling the option)

So to resolve the remaining issue 1, I would like to trigger an action when the user's session has expired that will reset my flag in case the user doesn't disconnect (closes the browser instead of clicking disconnect) before his session has ended.

How can I know how long a user has been logged on, or when the user logged in, so I can compute the time delta?

Richard

Richard Vézina

Nov 15, 2011, 1:56:53 PM
to web...@googlegroups.com
Hello,

I just found this:

Mailing-list
[x] expire_sessions.py respects expiration time, thanks iceberg

From the book:
The file "applications/admin/cron/expire_sessions.py" actually exists and ships with the admin app. It checks for expired sessions and deletes them. "applications/admin/cron/crontab" runs this task hourly.

I don't understand why Massimo wrote that sessions never end, up here in the thread?

How safe is it if I adapt the expire_sessions.py to my app?

What do I lose if I use it to clear session files... Until now I was using them as a kind of log to know what a user has done during their session.

Thanks

Richard

Massimo Di Pierro

Nov 15, 2011, 10:54:21 PM
to web2py-users
There are different issues here.

One issue is the session storage. It is associated to the cookie uuid.
This never expires unless the server side file is deleted (the script
you mention does that).

Another issue is the content of the session. For example
authentication information. That expires automatically. Even if the
session cookie is stolen it is useless.

Think of amazon. It always recognizes you but that does not mean it
always thinks you are logged in. Web2py does the same. The session
always remembers you since there is no reason to forget who you are.
That does not mean it always thinks you are authenticated.

The only reason to delete session server side is storage space.


Richard Vézina

Nov 16, 2011, 10:12:36 AM
to web...@googlegroups.com
Ok, so what I want is to know how to verify if the authentication has expired...

I hope I am clear; I don't know the exact wording for what I want...

But I would trigger an update on my flag ("logged_on": TRUE/FALSE) in case the user doesn't click disconnect before closing the browser, or if he leaves his browser open until the end of the day without disconnecting.

My flag is only a way to avoid opening a bunch of session files in app/sessions/ to see which user is still logged on. I would like to be sure, before making an update to my app, that nobody is online and working...

Thanks

Richard

Massimo Di Pierro

Nov 16, 2011, 10:20:25 AM
to web2py-users
Inside Auth(...) there is this logic

if auth and auth.last_visit and auth.last_visit + \
        datetime.timedelta(days=0, seconds=auth.expiration) > request.now:
    self.user = auth.user
    # this is a trick to speed up sessions
    if (request.now - auth.last_visit).seconds > (auth.expiration/10):
        auth.last_visit = request.now
else:
    self.user = None
    session.auth = None

If the user has logged out or if the auth session has expired, then
session.auth = None, auth.user = None and auth.is_logged_in()=False.




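The expiry check quoted above can be modelled outside web2py to see why the "logged_on" flag discussed in this thread goes stale. This is an added example, not code from the thread or from web2py: `check_auth`, `stale_users`, the plain-dict session, the per-user last-visit table and all sample times are assumptions made for illustration, and it uses `total_seconds()` where the quoted code uses `.seconds`.

```python
import datetime as dt

EXPIRATION = 3600  # seconds; constructed stand-in for auth.expiration


def check_auth(auth, now):
    """One request through the quoted check. Returns (user, auth)."""
    if auth and auth["last_visit"] and \
            auth["last_visit"] + dt.timedelta(seconds=auth["expiration"]) > now:
        # Inside the window: last_visit is only rewritten once more than a
        # tenth of the window has elapsed (the "speed up sessions" trick).
        if (now - auth["last_visit"]).total_seconds() > auth["expiration"] / 10:
            auth["last_visit"] = now
        return auth["user"], auth
    return None, None  # expired: equivalent of session.auth = None


def stale_users(flags, last_visits, expiration, now):
    """Hypothetical cron sweep: ids flagged logged_on whose last recorded
    visit is at least `expiration` seconds old, i.e. the next request from
    them would be treated as logged out."""
    limit = dt.timedelta(seconds=expiration)
    return sorted(uid for uid, on in flags.items()
                  if on and now - last_visits[uid] >= limit)


def demo():
    t0 = dt.datetime(2011, 11, 16, 9, 0)  # constructed login time
    minutes = lambda m: t0 + dt.timedelta(minutes=m)
    auth = {"user": "richard", "last_visit": t0, "expiration": EXPIRATION}
    # 09:05 request: 300 s idle is under 360 s, so last_visit stays at 09:00.
    user_0905, auth = check_auth(auth, minutes(5))
    kept_login_time = auth["last_visit"] == t0
    # 10:01 request: only 56 min after the last click, yet 09:00 + 1 h has
    # passed, so the check logs the user out. Nothing ran in between.
    user_1001, auth = check_auth(auth, minutes(61))
    # Constructed flag table: user 1 went idle, 2 is active, 3 logged out.
    flags = {1: True, 2: True, 3: False}
    visits = {1: t0, 2: minutes(50), 3: t0}
    return user_0905, kept_login_time, user_1001, stale_users(
        flags, visits, EXPIRATION, minutes(61))


if __name__ == "__main__":
    print(demo())
```

The 10:01 request is rejected although the user clicked 56 minutes earlier, and only the sweep notices user 1, because no code runs at the moment the window lapses.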

Richard Vézina

Nov 16, 2011, 12:09:21 PM
to web...@googlegroups.com
Ok, so I just need to look into: auth.is_logged_in()=False

So what about this:

def user_logged_on_update(flag, user_id):
    """
    Update of "logged_on" auth_user field. True = logged on.
    """
    if user_id != None and flag != None:
        db.auth_user[user_id] = dict(logged_on = flag)
    return

# When user login and log off properly
auth.settings.login_onaccept = lambda form: user_logged_on_update('True', auth.user and auth.user.id)
auth.settings.logout_onlogout = lambda user: user_logged_on_update('False', user.id)

# When the user leaves his connection hanging forever, for whatever reason
if auth.user:
    db.auth_user(auth.user and auth.user.id).update_record(logged_on = auth.is_logged_in())

In a model file?

It may be heavy to commit the user status every time the model is reloaded; in that case, could putting those commands in an hourly CRON job do it?

Richard

Massimo Di Pierro

Nov 16, 2011, 1:51:38 PM
to web2py-users
Now I understand what you want to do.

What you propose would not work because there is no logout event.
Unless the user clicks the logout button, the logout happens when the
user tries to access the site and the session time exceeds expiration.
If the user logs in and turns the browser off, the
user_logged_on_update function would never be called.

The only way to do what you need is by using gluon/contrib/
comet_messaging.

When the user visits a page, it opens an html5 websocket. When the
user goes away the socket is closed. Over the socket each user would
send their current session_id info, and from the pool of open sockets
you would be able to reconstruct information about the state of each
user.

Massimo


Richard Vézina

Nov 16, 2011, 2:23:28 PM
to web...@googlegroups.com
Ok...

I was trying to avoid this, mostly because I have no time to look into comet... And also because it's something I don't master at this time.

Is it straightforward to set up?

Thank you for your help.

Richard

Richard Vézina

Nov 16, 2011, 3:02:20 PM
to web...@googlegroups.com
Is there a way that what I did works, at least imperfectly?

I want to make a quick gain for a couple of weeks...

After that I will have more time to look into comet_messaging...

Richard