There are different issues here.

One issue is the session storage. It is associated to the cookie uuid.
This never expires unless the server side file is deleted (the script
you mention does that).

Another issue is the content of the session. For example
authentication information. That expires automatically. Even if the
session cookie is stolen it is useless.

Think of Amazon. It always recognizes you but that does not mean it
always thinks you are logged in. Web2py does the same. The session
always remembers you since there is no reason to forget who you are.
That does not mean it always thinks you are authenticated.

The only reason to delete sessions server side is storage space.

On Nov 15, 12:56 pm, Richard Vézina <[email protected]>
wrote:
> Hello,
>
> I just found this:
>
> Mailing-list
> [x] expire_sessions.py respects expiration time, thanks iceberg
>
> From the book :
> The file "applications/admin/cron/expire_sessions.py" actually exists and
> ships with the *admin* app. It checks for expired sessions and deletes
> them. "applications/admin/cron/crontab" runs this task hourly.
>
> I don't understand why Massimo wrote session never end up here in the
> thread?
>
> How safe is it if I adapt the expire_sessions.py to my app?
>
> What do I lose if I use it to clear session files... Until now I was using
> them as a kind of log to know what a user has done during their session.
>
> Thanks
>
> Richard
>
> On Tue, Nov 15, 2011 at 1:35 PM, Richard Vézina <[email protected]> wrote:
>
> > I see 2 issues with this method :
>
> > 1) If the user closes his navigator instead of disconnecting properly before...
>
> > 2) The user uses the long expiration option (I will disable the option)
>
> > So to resolve the remaining issue 1, I would like to trigger an action when
> > the user session has expired that will reset my flag in case the user doesn't
> > disconnect (closes the navigator instead of clicking disconnect) before his
> > session has ended.
>
> > How can I know how long a user has been logged on, or when the user
> > logged in, so I can compute the time delta?
>
> > Richard
>
> > On Mon, Nov 14, 2011 at 4:05 PM, Richard Vézina <
> > [email protected]> wrote:
>
> >> Here it is :
>
> >> Redefine auth table like this :
> >> auth_table = db.define_table(
> >>     auth.settings.table_user_name,
>
> >> Append to default auth user field this field :
>
> >>     Field('logged_on','boolean', writable=False, readable=False,
> >> default=None),
>
> >> Then I put those lines into db.py that contain my auth redefined table
> >> that's it (other models files contain the rest of my tables models)
>
> >> auth.settings.login_onaccept = lambda form: user_logged_on_update('True',
> >> auth.user and auth.user.id)
> >> auth.settings.logout_onlogout = lambda user:
> >> user_logged_on_update('False', user.id)
>
> >> def user_logged_on_update(flag, user_id):
> >>     """
> >>     Update of "logged_on" auth_user field. True = logged on.
> >>     """
> >>     if user_id != None and flag != None:
> >>         db.auth_user[user_id] = dict(logged_on = flag)
> >>     return
>
> >> I know that function doesn't go into a model so it is probably best fitting into a
> >> module... But to allow lambda functions to call it I will have to import
> >> them so... Don't know what the best practice is...
>
> >> Also I get user id at login accept by calling : auth.user and
> >> auth.user.id
>
> >> But is the form containing user id?
>
> >> What do you think about that?
>
> >> Richard
>
> >> On Mon, Nov 14, 2011 at 2:37 PM, Richard Vézina <
> >> [email protected]> wrote:
>
> >>> Hello Sathvik,
>
> >>> Do you use the RBAC web2py feature?
>
> >>> How does your "last_in" get updated as the user logs on?
>
> >>> Ok, just re-read your email you don't use the auth...
>
> >>> I think personalising the auth_user table (or any other name you give it)
> >>> and appending a boolean "logged_on" (TRUE/FALSE) field could do it in
> >>> conjunction with :
>
> >>> auth.settings.login_onaccept = lambda form: user_logged_on_update('True')
>
> >>> auth.settings.logout_onlogout = lambda user:
> >>> user_logged_on_update('False')
>
> >>> Since we can't assign in lambda using a sub-function that update the
> >>> auth_user.logged_on=True or auth_user.logged_on=False will do it.
>
> >>> Note : It's just pseudo code... I can report here when I get a working
> >>> implementation...
>
> >>> :)
>
> >>> Richard
>
> >>> On Fri, Nov 11, 2011 at 1:06 AM, Sathvik Ponangi 
> >>> <[email protected]> wrote:
>
> >>>> I'm using a Users table & sessions to handle users.
>
> >>>> db.define_table('users',
> >>>>>                     db.Field('name', 'string'),
> >>>>>                     db.Field('password', 'password'),#If local user
> >>>>>                     db.Field('active', 'boolean', default=False),
> >>>>>                     db.Field('uid', 'string'),
> >>>>>                     db.Field('slinked', 'string',
> >>>>> default=""),#Redirect to a linked account
> >>>>>                     db.Field('last_in', 'datetime',
> >>>>> default=request.now),
> >>>>>                     db.Field('date', 'datetime', default=request.now,
> >>>>> writable=False)
> >>>>>                 )
>
> >>>> Is it a good idea to switch-over to auth? If so, how do I do it?
>
> >>>> On Thu, Nov 10, 2011 at 3:44 AM, Richard Vézina <
> >>>> [email protected]> wrote:
>
> >>>>> Thank you!
>
> >>>>> Richard
>
> >>>>> On Wed, Nov 9, 2011 at 4:23 PM, Massimo Di Pierro <
> >>>>> [email protected]> wrote:
>
> >>>>>> They are usually called
>
> >>>>>> auth.settings.login_onaccept = lambda form: ..
> >>>>>> auth.settings.profile_onaccept = lambda form: ..
> >>>>>> auth.settings.<method>_onaccept = lambda form: ..
>
> >>>>>> and they all take the form.
>
> >>>>>> the name exception is
>
> >>>>>> auth.settings.logout_onlogout = lambda user: ...
>
> >>>>>> because there is no form to fill on logout but there is a user.
>
> >>>>>> On Nov 9, 1:37 pm, Richard Vézina <[email protected]>
> >>>>>> wrote:
> >>>>>> > Nice approach so I could update a custom field in auth_user and put it true
> >>>>>> > or false at login and logout?
>
> >>>>>> > How I may set my flag to true?
>
> >>>>>> > Is there a auth.settings.login_onlogin ??
>
> >>>>>> > Thanks
>
> >>>>>> > Richard
>
> >>>>>> > On Wed, Nov 9, 2011 at 2:14 PM, Massimo Di Pierro <
>
> >>>>>> > [email protected]> wrote:
> >>>>>> > > Sessions never end. Do you want to detect logout?
>
> >>>>>> > > auth.settings.logout_onlogout = lambda user: do_something_with(user)
>
> >>>>>> > > On Nov 9, 11:58 am, Sathvik Ponangi <[email protected]> wrote:
> >>>>>> > > > Is there some way that I could call a function when the user ends their
> >>>>>> > > > session?
>
> >>>> --
> >>>> Sathvik Ponangi
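
Added example (not part of the original thread and not web2py's own code): a stand-alone Python model of the distinction drawn in the reply at the top, where the session record persists but the login inside it expires, together with a periodic sweep that resets a stale logged_on flag when a user closes the browser without logging out. The one-hour timeout, the dictionary layout and all function names are assumptions made for the illustration.

```python
# Added illustration, not web2py source: a stand-alone model of the two
# lifetimes discussed in the thread. All names here are hypothetical.
from datetime import datetime, timedelta

EXPIRATION = timedelta(seconds=3600)  # assumed idle timeout for the login


def new_session(store, sid):
    """Create the server-side session record keyed by the cookie uuid."""
    store[sid] = {"auth": None}
    return store[sid]


def login(session, users, user_id, now):
    """Put auth data in the session and set the logged_on flag."""
    session["auth"] = {"user_id": user_id, "login_time": now, "last_visit": now}
    users[user_id].update(logged_on=True, last_seen=now)


def current_user(session, users, now):
    """Return the user id if the login is still fresh, else None.

    An expired login is dropped from the session, but the session record
    itself stays: a replayed cookie finds a session with no auth in it.
    """
    auth = session.get("auth")
    if auth is None:
        return None
    if now - auth["last_visit"] > EXPIRATION:
        session["auth"] = None
        return None
    auth["last_visit"] = now
    users[auth["user_id"]]["last_seen"] = now
    return auth["user_id"]


def logged_in_for(session, now):
    """Time since login, or None when nobody is logged in."""
    auth = session.get("auth")
    return now - auth["login_time"] if auth else None


def sweep_stale_flags(users, now):
    """Reset logged_on for users who went idle without logging out."""
    stale = [uid for uid, u in users.items()
             if u["logged_on"] and now - u["last_seen"] > EXPIRATION]
    for uid in stale:
        users[uid]["logged_on"] = False
    return stale
```

Run from a scheduled task, the sweep plays the role of the missing "session expired" callback: it does not depend on the user clicking logout.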
