I've tried using Session.lease_time as a session timeout mechanism and have not had good success with it. The behavior is really more of a session invalidation than a session timeout.
The problem is that it's not clear how to catch a lease expiration in the code so that you can display an appropriate message; it just suddenly appears like an unauthenticated user is visiting the page with a brand new session. This makes it difficult to try and do friendly things like cache form values and reload them after they re-authenticate.
I guess I'm looking more for behavior where the current session doesn't get deleted but goes into a "needs to re-authenticate" state which is handled by the login machinery and can be detected by application code.
Any thoughts on how best to approach this?

Thanks.

Dave
------
David K. Hess
Verscend Technologies, Inc.
[EMAIL PROTECTED]
214-684-5448
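One way to get the behaviour asked for above, as an added example that is not part of the original post and does not use QP's API: an idle session is marked as needing re-authentication instead of being deleted, and it receives a new id once the user re-authenticates. The names `Session`, `SessionStore`, `handle_post`, `idle_timeout` and `max_lifetime` are hypothetical, and the credential check is assumed to happen elsewhere and arrive as `credentials_ok`.

```python
import secrets
import time
ACTIVE, LOCKED = "active", "needs_reauth"

class Session:
    def __init__(self, user, now):
        self.id = secrets.token_urlsafe(32)
        self.created = self.last_seen = now
        # pending_form holds form values while the user re-authenticates
        self.user, self.state, self.pending_form = user, ACTIVE, None

class SessionStore:
    def __init__(self, idle_timeout, max_lifetime, clock=time.monotonic):
        self.idle_timeout, self.max_lifetime = idle_timeout, max_lifetime
        self.clock, self.sessions = clock, {}

    def create(self, user):
        session = Session(user, self.clock())
        self.sessions[session.id] = session
        return session

    def lookup(self, sid):  # locks an idle session instead of deleting it
        session, now = self.sessions.get(sid), self.clock()
        if session is None or now - session.created > self.max_lifetime:
            self.sessions.pop(sid, None)  # hard limit: only here is it discarded
            return None
        if now - session.last_seen > self.idle_timeout:
            session.state = LOCKED  # kept, but no longer trusted
        if session.state == ACTIVE:
            session.last_seen = now
        return session

    def reauthenticate(self, sid, user, credentials_ok):
        session = self.lookup(sid)
        if session is None or session.user != user or not credentials_ok:
            return None
        del self.sessions[sid]  # retire the id that sat idle
        session.id = secrets.token_urlsafe(32)
        session.state, session.last_seen = ACTIVE, self.clock()
        self.sessions[session.id] = session
        return session

def handle_post(store, sid, form):  # application code sees three distinct outcomes
    session = store.lookup(sid)
    if session is None:
        return "login", None
    if session.state == LOCKED:
        session.pending_form = dict(form)  # replayed after re-authentication
        return "reauthenticate", None
    return "ok", form
```

Protected handlers must treat a `LOCKED` session as unauthenticated for everything except the re-authentication page; the retained session only carries state such as `pending_form` across the login.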
