I think it'd be a useful feature for AuthTktCookiePlugin, but in the mean time 
you can also create your own IIdentifier which adds this functionality:

from zope.interface import implements
from repoze.who.interfaces import IIdentifier

class TimeOutIdentifierPlugin(object)

    def __init__(the arguments):

    def identify(self, environ):
        if session_timed_out():
            environ['repoze.who.application'] = HTTPUnauthorized()

So, basically you have to change the __init__ method and finally replace 
session_timed_out() with your own callable. The rest of the class should work 
as is.

Then pass it to repoze.what:

timeout_plugin = TimeOutIdentifierPlugin()
identifiers = [('timeout', timeout_plugin)]
app = add_auth(..., identifiers=identifiers, ...)



On Thursday March 26, 2009 09:45:32 Audrius Kažukauskas wrote:
> Hi,
> I'm using repoze.what in my Pylons app (the quickstart plugin and
> repoze.what-pylons plugin) and what I can't figure out now is how to
> set it up so that if user is inactive for some time, the session would
> timeout automatically.  I tried to look into AuthTktCookiePlugin code
> which is AFAIU used in quickstart, but it seems that it doesn't handle
> session timeouts.
> So, is there any way to set session timeout in repoze.what, or do I need
> to implement it myself (maybe somebody did it already)?

Gustavo Narea <xri://=Gustavo>.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |
Repoze-dev mailing list

Reply via email to