I'd like a bit more understanding about how web2py handles cookies and
the 'session' variable. When a user logs in I want to offer the option
of keeping their log in on this computer (if not using a public
computer).

My mechanism at the moment is to store information in the session
including an expiry time. The session information is checked on each
access and if the expiry time has passed the session variable's
contents are deleted.

I think the session information is stored in a non-persistent cookie?
So if the browser is closed the session is lost. Is there a way around
this?

I think I can create a cookie for users that want to keep their log in
and do a test:

if <we have persistent cookie>:
   check_cookie(persistent_cookie)
else:
   check_cookie(session)

But I couldn't see too much in the manual about cookies other than
related to the session.

For reference my "fill in cookie" function called when the user logs
in is:


import hashlib
import hmac

# secret_hmac_cookie_key is the server-side HMAC key, defined elsewhere.

# Fill in the cookie for the given user, calculating the digest
# over expiry, authenticator and user id (in that order)
def fill_in_cookie(cookie=None, expiry=0, c_authenticator=None, user_id=None):
   cookie.expiry = expiry
   h = hmac.new(secret_hmac_cookie_key, str(cookie.expiry), hashlib.sha256)
   cookie.authenticator = c_authenticator
   h.update(cookie.authenticator)
   cookie.user_id = user_id
   h.update(str(cookie.user_id))
   cookie.check = h.hexdigest()

At the moment this is called with cookie set to session:

 authFunctions.fill_in_cookie(
                  cookie=session,
                  user_id = u.id,
                  c_authenticator=c_authenticator,
                  expiry=expiry)

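An added example, not part of the original post: one way to issue and check a persistent "keep me logged in" cookie over the same three fields as fill_in_cookie (expiry, authenticator, user id), with an unambiguous field separator, a constant-time digest comparison and a Max-Age so the cookie survives a browser restart. It uses Python 3 and the standard library's http.cookies rather than web2py's own objects; SECRET_KEY, COOKIE_NAME, make_cookie and the "|" separator are assumptions made for the example, and the authenticator is assumed to be a random per-login string.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie

SECRET_KEY = b"constructed-demo-key"  # assumption: really loaded from server config
COOKIE_NAME = "remember_me"           # hypothetical cookie name


def _digest(user_id, authenticator, expiry):
    # Join fields with a separator that cannot occur inside them, so
    # ("1", "23...") and ("12", "3...") never produce the same MAC input.
    msg = "|".join([str(user_id), authenticator, str(expiry)])
    return hmac.new(SECRET_KEY, msg.encode("utf-8"), hashlib.sha256).hexdigest()


def make_cookie(user_id, authenticator, lifetime, now=None):
    """Return a Set-Cookie header value for a persistent login."""
    if "|" in authenticator:
        raise ValueError("authenticator must not contain '|'")
    expiry = int(time.time() if now is None else now) + lifetime
    value = "|".join([str(int(user_id)), authenticator, str(expiry),
                      _digest(int(user_id), authenticator, expiry)])
    jar = SimpleCookie()
    jar[COOKIE_NAME] = value
    jar[COOKIE_NAME]["max-age"] = lifetime  # persistent: survives browser close
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["httponly"] = True     # not readable from page scripts
    jar[COOKIE_NAME]["secure"] = True       # only sent over HTTPS
    return jar[COOKIE_NAME].OutputString()


def check_cookie(cookie_header, now=None):
    """Return the user id if the cookie is authentic and unexpired, else None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE_NAME not in jar:
        return None
    parts = jar[COOKIE_NAME].value.split("|")
    if len(parts) != 4:
        return None
    user_id, authenticator, expiry, check = parts
    expected = _digest(user_id, authenticator, expiry)
    # Verify the MAC first, in constant time; only then trust the fields.
    if not hmac.compare_digest(expected.encode(), check.encode()):
        return None
    now = int(time.time() if now is None else now)
    return int(user_id) if int(expiry) > now else None
```

The expiry is enforced on the server from the signed value; Max-Age only tells the browser how long to keep the cookie.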