session.authorized is transparent to web2py. It is a variable as any other variable. You need a line like
if not session.authorized: redirect(URL(r=request,f='not_authorized')) On Mar 8, 7:21 am, NguyendHEX <[email protected]> wrote: > I need more infor about Session management by web2py core. Of course, > i can track user session at application level but if i have more than > one controller, i have manually update session at every controller by > setting last request. > > 1) assuming you use session.authorized to determine whether the > user > is logged in > 2) set session.lasttime=time.time() immediately after login > 3) place at the top of your controller: > > if session.lasttime and session.lasttime<time.time()-600: > session.authorized=False > if session.authorized: session.lasttime=time.time() > > So web2py core should handle session expiration instead of application > level or provide a hook function on user request. > > any idea? > > Thanks, > > Nguyen > > On Mar 5, 11:20 am, NguyendHEX <[email protected]> wrote: > > > I see the session processing > > athttp://groups.google.com/group/web2py/browse_thread/thread/14ec13e619... > > > I don't know when session is cleared by web2py if the application > > clear it manually. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
