Pavel Skvazh at about 2/7/08 3:48 AM said: > Thanks a lot, Phil. I really appreciate your help. > > My issue is really weird. User logs in, then i log out doing > session.delete() or invalidate() - doesn't matter. And then user > reloads the page... and all his session data is in place... > Works perfectly on the local mashine and without proxy out there. > If i delete the cookie in the browser - everything's fine, new > session. > I think that deleting the user's cookie can solve this one. Is there a > way to do this in Beaker? > > I cann't use memcached, because i store SA session there, which cannot > be pickled.
memcached doesn't matter so forget it. But Beaker pickles everything it caches (i think) and you can't store a SA session there anyway ?? > > I don't use authkit. I don't think i really need the regular cookie > behavior (users coming back and automaticly loggin in by the cookie) That's not the reason for authkit anyway. It doesn't allow "persistant" logins by default. > Can you please share some code piece where you take advantage of Etag? you've probably already seen http://wiki.pylonshq.com/display/pylonsdocs/Caching+in+Templates+and+Controllers but I don't think it will help here anyway > As far as I can see from here Apache has to be the one in charge for > setting it. I can be wrong. Not for scripted pages. Apache doesn't know enough about the page to set it. > Ben tipped me to change base controller to look like this > > class BaseController(WSGIController): > def __call__(self, environ, start_response): > response.headers['Pragma'] = 'no-cache' > response.headers['Cache-Control'] = 'no-store,no-cache,must- > revalidate,max-age=0' > return WSGIController.__call__(self, environ, start_response) > > but this made no difference... If some proxy doesn't respect those headers then etags probably won't help. I think your problem might be more basic and I apologize if this is way NOT the case. If you don't use authkit...what do you use. Basic auth means that you aren't logged out until you quit the browser (which you said does work). The real question is, what makes you think someone is logged out. Do they click a "logout" button or something. Clearing the beaker cache will keep the server from rerendering the page as was (which it does not do). You might test a little more. You can manually inspect (or brutally delete) the beaker cache between the logout and the refresh. That narrows down blame. Also from the browser, how does the user "refresh" when he sees the same data. Clicking a "back" button, a "refresh" button and holding shift while clicking the refresh button are three different things (on ff at least). Hand in hand with that, is the behavior consistent with multiple browsers (ff opera safari and God forbid ie). Also, in ff you can delete the cookie and then refresh the page. Hope it helps -- Phil --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
