On Mon, Mar 16, 2009 at 8:56 PM, Huuuze <huu...@ymail.com> wrote: > > Jeff (and Jacob)... > > I appreciate your responses and I stand corrected. With that being > said, are either of you (or anyone reading this) aware of a method > that would allow me to track idle session timeouts? I'd like to audit > when a user has been logged out due to a timeout. > > Huuuze > > On Mar 16, 7:49 pm, Jeff FW <jeff...@gmail.com> wrote: > > It's not a bug. When a cookie expires, the browser stops sending it > > with its requests--therefore, there is *no* way for Django to know > > that the cookie (and therefore, the session) has expired. There is no > > "timeout" happening on the server side, so the session can't get > > cleared out. Hence, why the documented method for clearing out old > > sessions. > > > > Maybe you're used to something like PHP's behavior, which cleans old > > old sessions automatically. However, it only does this by deciding to > > clear out the old sessions (by default) 1 out of every 100 requests-- > > which is kind of a nasty thing to do that 100th person. > > > > -Jeff > > > > On Mar 16, 6:38 pm, Jacob Kaplan-Moss <jacob.kaplanm...@gmail.com> > > wrote: > > > > > On Mon, Mar 16, 2009 at 4:46 PM, Huuuze <huu...@ymail.com> wrote: > > > > Does anyone else agree with my viewpoints on this matter? If so, > > > > please post your comments in the ticket. > > > > > Actually, the right way to get your viewpoint heard is to take the > > > matter to the django-developers mailing list, where topics related to > > > Django's development are discussed. You'll have more luck posting > > > suggestions and criticism there than here or on the ticket tracker. > > > > > However, please keep in mind that we're currently running up to Django > > > 1.1, so it's likely that anything that's not an outright bug might be > > > left by the wayside while we close bugs for the final release. If you > > > don't get an immediate response, be patient and wait until a bit after > > > the release when we all have a bit more time. > > > > > Jacob > > > One possibility would be to use 2 cookies, one the normal session cookie, and a second with a *way* longer expire date. Then when a user has the long one but not the other one clear out the corresponding session(which you'd keep track of obviously).
Alex -- "I disapprove of what you say, but I will defend to the death your right to say it." --Voltaire "The people's good is the highest law."--Cicero --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
