Inside Auth(...) there is this logic:

    if auth and auth.last_visit and auth.last_visit + \
            datetime.timedelta(days=0, seconds=auth.expiration) > request.now:
        self.user = auth.user
        # this is a trick to speed up sessions
        if (request.now - auth.last_visit).seconds > (auth.expiration/10):
            auth.last_visit = request.now
    else:
        self.user = None
        session.auth = None

If the user has logged out or if the auth session has expired, then
session.auth = None, auth.user = None and auth.is_logged_in()=False.

On Nov 16, 9:12 am, Richard Vézina <[email protected]>
wrote:
> Ok, so what I want is to know how to verify if the authentication has
> expired...
>
> I hope I am clear I don't know the exact wording for what I want...
>
> But I would trigger an update on my flag ("logged_on" : TRUE/FALSE) in case
> the user doesn't click disconnect before closing the browser or if he leaves
> his browser open until the end of the day without disconnecting.
>
> My flag is only a way to avoid opening a bunch of session files in
> app/sessions/ to look up which user is still logged on. I want to be sure
> before making an update to my app that nobody is online and working...
>
> Thanks
>
> Richard
>
> On Tue, Nov 15, 2011 at 10:54 PM, Massimo Di Pierro <[email protected]> wrote:
> > There are different issues here.
>
> > One issue is the session storage. It is associated to the cookie uuid.
> > This never expires unless the server side file is deleted (the script
> > you mention does that).
>
> > Another issue is the content of the session. For example
> > authentication information. That expires automatically. Even if the
> > session cookie is stolen it is useless.
>
> > Think of amazon. It always recognizes you but that does not mean it
> > always thinks you are logged in. Web2py does the same. The session
> > always remembers you since there is no reason to forget who you are.
> > That does not mean it always thinks you are authenticated.
>
> > The only reason to delete session server side is storage space.
>
> > On Nov 15, 12:56 pm, Richard Vézina <[email protected]>
> > wrote:
> > > Hello,
>
> > > I just find this :
>
> > > Mailing-list
> > > [x] expire_sessions.py respects expiration time, thanks iceberg
>
> > > From the book :
> > > The file "applications/admin/cron/expire_sessions.py" actually exists and
> > > ships with the *admin* app. It checks for expired sessions and deletes
> > > them. "applications/admin/cron/crontab" runs this task hourly.
>
> > > I don't understand why Massimo wrote that sessions never end, up here in
> > > the thread?
>
> > > How safe is it if I adapt expire_sessions.py to my app?
>
> > > What do I lose if I use it to clear session files... Until now I was using
> > > them as a kind of log to know what a user has done during their session.
>
> > > Thanks
>
> > > Richard
>
> > > On Tue, Nov 15, 2011 at 1:35 PM, Richard Vézina <[email protected]> wrote:
> > > > I see 2 issues with this method:
>
> > > > 1) If the user closes his navigator instead of disconnecting properly before...
>
> > > > 2) The user uses the long expiration option (I will be disabling the option)
>
> > > > So to resolve the remaining issue 1, I would like to trigger an action when
> > > > the user session has expired that will reset my flag in case the user doesn't
> > > > disconnect (closes the navigator instead of clicking disconnect) before his
> > > > session has ended.
>
> > > > How can I know for how long a user has been logged on, or when the user
> > > > logged in, so I can compute a time delta?
>
> > > > Richard
>
> > > > On Mon, Nov 14, 2011 at 4:05 PM, Richard Vézina <
> > > > [email protected]> wrote:
>
> > > >> Here it is :
>
> > > >> Redefine auth table like this :
> > > >> auth_table = db.define_table(
> > > >> auth.settings.table_user_name,
>
> > > >> Append to default auth user field this field :
>
> > > >> Field('logged_on','boolean', writable=False, readable=False,
> > > >> default=None),
>
> > > >> Then I put those lines into db.py that contain my auth redefined table
> > > >> that's it (other models files contain the rest of my tables models)
>
> > > > >> auth.settings.login_onaccept = lambda form: user_logged_on_update('True', auth.user and auth.user.id)
> > > > >> auth.settings.logout_onlogout = lambda user: user_logged_on_update('False', user.id)
>
> > > > >> def user_logged_on_update(flag, user_id):
> > > > >>     """
> > > > >>     Update of "logged_on" auth_user field. True = logged on.
> > > > >>     """
> > > > >>     if user_id != None and flag != None:
> > > > >>         db.auth_user[user_id] = dict(logged_on = flag)
> > > > >>     return
>
> > > > >> I know that functions don't go into models, so it is probably best fitting
> > > > >> in a module... But to allow the lambda functions to call it I will have to
> > > > >> import them, so... I don't know what the best practice is...
>
> > > >> Also I get user id at login accept by calling : auth.user and
> > > >> auth.user.id
>
> > > >> But is the form containing user id?
>
> > > >> What do you think about that?
>
> > > >> Richard
>
> > > >> On Mon, Nov 14, 2011 at 2:37 PM, Richard Vézina <
> > > >> [email protected]> wrote:
>
> > > >>> Hello Sathvik,
>
> > > >>> Do you use the RBAC web2py feature?
>
> > > > >>> How does your "last_in" get updated as the user logs on?
>
> > > >>> Ok, just re-read your email you don't use the auth...
>
> > > > >>> I think personalising the auth_user table (or any other name you give it)
> > > > >>> and appending a boolean "logged_on" (TRUE/FALSE) field could do it in
> > > > >>> conjunction with:
>
> > > > >>> auth.settings.login_onaccept = lambda form: user_logged_on_update('True')
>
> > > > >>> auth.settings.logout_onlogout = lambda user: user_logged_on_update('False')
>
> > > >>> Since we can't assign in lambda using a sub-function that update the
> > > >>> auth_user.logged_on=True or auth_user.logged_on=False will do it.
>
> > > > >>> Note : It's just pseudo code... I can report here when I get a working
> > > > >>> implementation...
>
> > > >>> :)
>
> > > >>> Richard
>
> > > > >>> On Fri, Nov 11, 2011 at 1:06 AM, Sathvik Ponangi <[email protected]> wrote:
>
> > > >>>> I'm using a Users table & sessions to handle users.
>
> > > > >>>> db.define_table('users',
> > > > >>>>     db.Field('name', 'string'),
> > > > >>>>     db.Field('password', 'password'),  # If local user
> > > > >>>>     db.Field('active', 'boolean', default=False),
> > > > >>>>     db.Field('uid', 'string'),
> > > > >>>>     db.Field('slinked', 'string', default=""),  # Redirect to a linked account
> > > > >>>>     db.Field('last_in', 'datetime', default=request.now),
> > > > >>>>     db.Field('date', 'datetime', default=request.now, writable=False)
> > > > >>>> )
>
> > > >>>> Is it a good idea to switch-over to auth? If so, how do I do it?
>
> > > >>>> On Thu, Nov 10, 2011 at 3:44 AM, Richard Vézina <
> > > >>>> [email protected]> wrote:
>
> > > >>>>> Thank you!
>
> > > >>>>> Richard
>
> > > >>>>> On Wed, Nov 9, 2011 at 4:23 PM, Massimo Di Pierro <
> > > >>>>> [email protected]> wrote:
>
> > > >>>>>> They are usually called
>
> > > >>>>>> auth.settings.login_onaccept = lambda form: ..
> > > >>>>>> auth.settings.profile_onaccept = lambda form: ..
> > > >>>>>> auth.settings.<method>_onaccept = lambda form: ..
>
> > > >>>>>> and they all take the form.
>
> > > >>>>>> the name exception is
>
> > > > >>>>>> auth.settings.logout_onlogout = lambda user: ...
>
> > > >>>>>> because there is no form to fill on logout but there is a user.
>
> > > >>>>>> On Nov 9, 1:37 pm, Richard Vézina <[email protected]>
> > > >>>>>> wrote:
> > > > >>>>>> > Nice approach so I could update a custom field in auth_user and put it true
> > > > >>>>>> > or false at login and logout?
>
> > > > >>>>>> > How may I set my flag to true?
>
> > > > >>>>>> > Is there an auth.settings.login_onlogin ??
>
> > > >>>>>> > Thanks
>
> > > >>>>>> > Richard
>
> > > > >>>>>> > On Wed, Nov 9, 2011 at 2:14 PM, Massimo Di Pierro <[email protected]> wrote:
> > > >>>>>> > > Sessions never end. Do you want to detect logout?
>
> > > > >>>>>> > > auth.settings.logout_onlogout = lambda user: do_something_with(user)
>
> > > > >>>>>> > > On Nov 9, 11:58 am, Sathvik Ponangi <[email protected]> wrote:
> > > > >>>>>> > > > Is there someway that I could call a function when the user
> > > > >>>>>> > > > ends their session?
>
> > > >>>> --
> > > >>>> Sathvik Ponangi
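
The expiry check quoted at the top of this message, modelled in plain Python together with a periodic sweep that clears a stale "logged_on" flag when the user never clicked logout. This is an added example, not code from the thread or from web2py: the dict-based auth record, check_auth, sweep_logged_on and the mirrored last_visit column are assumptions made for illustration.

```python
import datetime

def check_auth(auth, now):
    """Same decision as the Auth(...) check: return the user while
    last_visit + expiration is still in the future, else None."""
    if auth and auth.get("last_visit") and (
            auth["last_visit"] + datetime.timedelta(seconds=auth["expiration"]) > now):
        # total_seconds() rather than .seconds, so gaps over a day still count
        if (now - auth["last_visit"]).total_seconds() > auth["expiration"] / 10:
            auth["last_visit"] = now  # sliding refresh, at most every expiration/10
        return auth["user"]
    return None

def sweep_logged_on(rows, now):
    """Clear logged_on on rows whose auth window has lapsed; return their ids."""
    cleared = []
    for row in rows:
        deadline = row["last_visit"] + datetime.timedelta(seconds=row["expiration"])
        if row["logged_on"] and deadline <= now:
            row["logged_on"] = False
            cleared.append(row["id"])
    return cleared

def demo():
    t0 = datetime.datetime(2011, 11, 16, 9, 0, 0)   # constructed timestamps
    after = lambda s: t0 + datetime.timedelta(seconds=s)
    auth = {"user": "richard", "last_visit": t0, "expiration": 3600}
    seen = [check_auth(auth, after(300)),    # 5 min: valid, below expiration/10, no refresh
            check_auth(auth, after(400)),    # 400 s > 360 s: valid, last_visit refreshed
            check_auth(auth, after(4100))]   # 3700 s after the refresh: expired
    rows = [  # constructed auth_user rows with a mirrored last_visit column (assumption)
        {"id": 1, "logged_on": True, "last_visit": after(400), "expiration": 3600},
        {"id": 2, "logged_on": True, "last_visit": after(3000), "expiration": 3600},
        {"id": 3, "logged_on": False, "last_visit": t0, "expiration": 3600},
    ]
    return seen, auth["last_visit"], sweep_logged_on(rows, after(4100)), rows

if __name__ == "__main__":
    print(demo())
```

Because last_visit is only rewritten after more than expiration/10 of inactivity, the stored value can lag the real last request, so the effective idle timeout lies between 0.9 and 1.0 times expiration.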