I don't think any kind of persistent log in is possible without some
client-side cooperation. With the default end-of-brower-session
cookie expiry the reference to the server session is lost, making
any server-side expiry meaningless?
With a dummy application and using the Firebug Firefox extension to
see the HTTP headers I can see a timed-expiry cookie being set if I
use:
response.cookies[response.session_id_name]['expires']=(datetime.now()
+ timedelta(minutes=5)).strftime("%a, %b %d %Y, %H:%M:%S GMT")
I think my problem is: I expected that once the 'expires' had been
set on the Cookie, this field would be repeated whenever the client
sends the cookie to web2py, and whenever web2py returns the cookie
to the client.
I might be wrong in my observations, but I think web2py issues a new
'Set Cookie' with every response (including redirects). The cookie
only includes the 'expiry' field when I set it explicitly in that
transaction's
response. Subsequent responses include a 'Set Cookie' without an
'expiry' field,
so the cookie reverts to session expiry.
It's no problem to set
response.cookies[response.session_id_name]['expires'] at the top of
my controller, on every response. Does this sound like the right
thing to be doing?
Thanks again
Chris
On Feb 19, 10:01 pm, mdipierro <[email protected]> wrote:
> I am not sure. The "expires" directive has nothing to do with
> serverside. If you want to expire a session server side you need to do
> it via a session variable. Settings "expires" in the cookie should
> indicate your browser that the browser should not send back to the
> server this cookie after the expire time. I am not sure how browsers
> really handle the cookie. You browser is still sending it back.
>
> On Feb 19, 3:55 pm, cjparsons <[email protected]> wrote:
>
> > On Feb 19, 1:32 pm, mdipierro <[email protected]> wrote:
>
> > > To set the expiration for the session cookie and thus making it
> > > persistent just do:
>
> > > response.cookies[response.session_id_name]['expires']="Fri, 3 Aug
> > > 2009 20:47:11 UTC"
>
> > For some reason I'm doing this wrong. If I log the contents of
> > 'response' I see
> > 'response.cookies= Set-Cookie: session_id_dw=127-0-0-1-
> > acc765d2-5ec1-4551-86bb-14ba69724ece; expires=Thu, Feb 19 2009,
> > 21:53:44; Path=/'
>
> > But the session doesn't seem to expire and if I look using firefox's
> > "page information" dialog, the cookie is shown as expiring "at the end
> > of the session".
>
> > Is it because after doing this (as part of form validation) I'm then
> > redirecting?
>
> > form_login = FORM(login form)
> > if form_login.accepts(request.vars, formname="form_login"):
> > fill_in_session(expiry=datetime.now() + default_expiry_delta) #
> > this sets 'expires' as above
> > redirect(URL(r=request,c='event',f='index'))
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
