Some corrections and a suggestion.

web2py currently does not set an expiration on cookies (neither
client-side nor server-side). The lack of client-side expiration, which
is an attribute of the cookie itself, is the reason why they are not
persistent. This can be easily changed. The lack of server-side
expiration (session expiration) is handled by the apps; for example,
"admin" has its own expiration mechanism.

No information is stored in the cookie other than a UUID, so your
computing the HMAC below is not necessary, unless you want to create
your own cookies and store stuff client side.

To set the expiration for the session cookie, and thus make it
persistent, just do:

    response.cookies[response.session_id_name]['expires']="Fri, 3 Aug 2009 20:47:11 UTC"

You can create your own cookie by

    response.cookies['cookiename']='value'
    response.cookies['cookiename']['expires']="Fri, 3 Aug 2009 20:47:11 UTC"

and you can retrieve it with

    value=request.cookies['cookiename']

I believe this is in the manual.


On Feb 19, 6:54 am, cjparsons <[email protected]> wrote:
> I'd like a bit more understanding about how web2py handles cookies and
> the 'session' variable. When a user logs in I want to offer the option
> of keeping their log in on this computer (if not using a public
> computer).
>
> My mechanism at the moment is to store information in the session
> including an expiry time. The session information is checked on each
> access and if the expiry time has passed the session variable's
> contents are deleted.
>
> I think the session information is stored in a non-persistent cookie?
> So if the browser is closed the session is lost. Is there a way around
> this?
>
> I think I can create a cookie for users that want to keep their log in
> and do a test
>
> if <we have persistent cookie>:
>    check_cookie(persistent_cookie)
> else:
>    check_cookie(session)
>
> But I couldn't see too much in the manual about cookies other than
> related to the session.
>
> For reference my "fill in cookie" function called when the user logs
> in is:
>
> # Return a cookie for the given user, calculating the digest
> def fill_in_cookie(cookie=None, expiry=0, c_authenticator=None, user_id=None):
>    cookie.expiry = expiry
>    h = hmac.new(secret_hmac_cookie_key, str(cookie.expiry), hashlib.sha256)
>    cookie.authenticator = c_authenticator
>    h.update(cookie.authenticator)
>    cookie.user_id = user_id
>    h.update(str(cookie.user_id))
>    cookie.check = h.hexdigest()
>
> At the moment this is called with cookie set to session
>
>  authFunctions.fill_in_cookie(
>                   cookie=session,
>                   user_id = u.id,
>                   c_authenticator=c_authenticator,
>                   expiry=expiry)
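An added example, not part of the original thread and not web2py's own code: one way to build and verify the value of a self-made persistent cookie of the kind discussed above, using only the Python 3 standard library. The function names, the `user_id|expiry|digest` layout and the key are assumptions for illustration; the fields are joined with a delimiter so that two different (user id, expiry) pairs can never produce the same signed string.

```python
import hashlib
import hmac
import time

# Constructed demo key; a real deployment loads a random secret from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def make_cookie_value(user_id, expiry, key=SECRET_KEY):
    """Return 'user_id|expiry|hexdigest' for storage in a client-side cookie."""
    payload = "%d|%d" % (user_id, expiry)
    mac = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return payload + "|" + mac


def check_cookie_value(value, now=None, key=SECRET_KEY):
    """Return the user id if the cookie is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    parts = value.split("|")
    if len(parts) != 3:
        return None
    user_id, expiry, mac = parts
    payload = user_id + "|" + expiry
    expected = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many digest characters matched.
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return None
    # The fields are parsed only after the MAC check. Expiry is enforced on the
    # server because the cookie's own 'expires' attribute is under client control.
    if int(expiry) < now:
        return None
    return int(user_id)
```

The string returned by `make_cookie_value` is what would be assigned to `response.cookies['cookiename']` as shown in the reply, and `check_cookie_value` would be applied to `request.cookies['cookiename'].value` on later requests.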