Ok, so what I want is to know how to verify if it authentification has
expired...
I hope I am clear I don't know the exact wording for what I want...
But I would trigger a update on my flag ("logged_on" : TRUE/FALSE) in case
user don't clic disconnect before close browser or if he leave his browser
open until the end of the day without disconnecting.
My flag is only a way to avoid opening a bunch of sessions files in
app/sessions/ to look in which user is still logged on. I would be sure
before making update to my app that no body is online and working...
Thanks
Richard
On Tue, Nov 15, 2011 at 10:54 PM, Massimo Di Pierro <
[email protected]> wrote:
> There different issues here.
>
> One issue is the session storage. It is associated to the cookie uuid.
> This never expires unless the server side file is deleted (the script
> you mention does that).
>
> Another issue is the content of the session. For example
> authentication information. That expires automatically. Even if the
> session cookie is stolen it is useless.
>
> Think of amazon. It always recognizes you but that does not mean it
> always thinks you are logged in. Web2py does the same. The session
> always remembers you since there is no reason to forget who you are.
> That does not it always thinks you are authenticated.
>
> The only reason to delete session server side is storage space.
>
> On Nov 15, 12:56 pm, Richard Vézina <[email protected]>
> wrote:
> > Hello,
> >
> > I just find this :
> >
> > Mailing-list
> > [x] expire_sessions.py respects expiration time, thanks iceberg
> >
> > From the book :
> > The file "applications/admin/cron/expire_sessions.py" actually exists and
> > ships with the *admin* app. It checks for expired sessions and deletes
> > them. "applications/admin/cron/crontab" runs this task hourly.
> >
> > I don't understand why Massimo wrote session never end up here in the
> > thread?
> >
> > How safe it is if I adapt the expire_sessions.py to my app?
> >
> > What do I lost if I use to clear sessions files... Until now I was using
> > them as kind of log to know what a user as do during it session.
> >
> > Thanks
> >
> > Richard
> >
> > On Tue, Nov 15, 2011 at 1:35 PM, Richard Vézina <
> [email protected]
> >
> >
> >
> >
> >
> >
> >
> > > wrote:
> > > I see 2 issues with this method :
> >
> > > 1) If user close his navigator instead of disconnecting properly
> before...
> >
> > > 2) User use long expiration option (I will disabling the option)
> >
> > > So to resolve the remaining issue 1, I would like to trigger a action
> when
> > > user session is expired that will reset my flag in case user don't
> > > disconnect (close navigator instead of clic disconnecting) before his
> > > session has end.
> >
> > > How can I get know since how long a user is logged on or when user has
> > > login so I can delta time?
> >
> > > Richard
> >
> > > On Mon, Nov 14, 2011 at 4:05 PM, Richard Vézina <
> > > [email protected]> wrote:
> >
> > >> Here it is :
> >
> > >> Redefine auth table like this :
> > >> auth_table = db.define_table(
> > >> auth.settings.table_user_name,
> >
> > >> Append to default auth user field this field :
> >
> > >> Field('logged_on','boolean', writable=False, readable=False,
> > >> default=None),
> >
> > >> Then I put those lines into db.py that contain my auth redefined table
> > >> that's it (other models files contain the rest of my tables models)
> >
> > >> auth.settings.login_onaccept = lambda form:
> user_logged_on_update('True',
> > >> auth.user and auth.user.id)
> > >> auth.settings.logout_onlogout = lambda user:
> > >> user_logged_on_update('False', user.id)
> >
> > >> def user_logged_on_update(flag, user_id):
> > >> """
> > >> Update of "logged_on" auth_user field. True = logged on.
> > >> """
> > >> if user_id != None and flag != None:
> > >> db.auth_user[user_id] = dict(logged_on = flag)
> > >> return
> >
> > >> I know that function don't go into model so it properly best fitting
> into
> > >> module... But to allow lambda functions to call it I will have to
> import
> > >> them so... Don't know what best pratice...
> >
> > >> Also I get user id at login accept by calling : auth.user and
> > >> auth.user.id
> >
> > >> But is the form containing user id?
> >
> > >> What do you think about that?
> >
> > >> Richard
> >
> > >> On Mon, Nov 14, 2011 at 2:37 PM, Richard Vézina <
> > >> [email protected]> wrote:
> >
> > >>> Hello Sathvik,
> >
> > >>> Do you use the RBAC web2py feature?
> >
> > >>> How you "last_in" get update as user logon?
> >
> > >>> Ok, just re-read your email you don't use the auth...
> >
> > >>> I think personnalise the auth_user table (or any other name you give
> it)
> > >>> and append a boolean "loged_on" (TRUE/FALSE) field could do it in
> > >>> conjunction with :
> >
> > >>> auth.settings.login_onaccept = lambda form:
> user_logged_on_update('True')
> >
> > >>> auth.settings.logout_onlogout - lambda user:
> > >>> user_logged_on_update('False')
> >
> > >>> Since we can't assign in lambda using a sub-function that update the
> > >>> auth_user.logged_on=True or auth_user.logged_on=False will do it.
> >
> > >>> Note : It's just pseudo code... I can report here when I get a
> working
> > >>> implementation...
> >
> > >>> :)
> >
> > >>> Richard
> >
> > >>> On Fri, Nov 11, 2011 at 1:06 AM, Sathvik Ponangi <[email protected]
> >wrote:
> >
> > >>>> I'm using a Users table & sessions to handle users.
> >
> > >>>> db.define_table('users',
> > >>>>> db.Field('name', 'string'),
> > >>>>> db.Field('password', 'password'),#If local user
> > >>>>> db.Field('active', 'boolean', default=False),
> > >>>>> db.Field('uid', 'string'),
> > >>>>> db.Field('slinked', 'string',
> > >>>>> default=""),#Redirect to a linked account
> > >>>>> db.Field('last_in', 'datetime',
> > >>>>> default=request.now),
> > >>>>> db.Field('date', 'datetime',
> default=request.now,
> > >>>>> writable=False)
> > >>>>> )
> >
> > >>>> Is it a good idea to switch-over to auth? If so, how do I do it?
> >
> > >>>> On Thu, Nov 10, 2011 at 3:44 AM, Richard Vézina <
> > >>>> [email protected]> wrote:
> >
> > >>>>> Thank you!
> >
> > >>>>> Richard
> >
> > >>>>> On Wed, Nov 9, 2011 at 4:23 PM, Massimo Di Pierro <
> > >>>>> [email protected]> wrote:
> >
> > >>>>>> They are usually called
> >
> > >>>>>> auth.settings.login_onaccept = lambda form: ..
> > >>>>>> auth.settings.profile_onaccept = lambda form: ..
> > >>>>>> auth.settings.<method>_onaccept = lambda form: ..
> >
> > >>>>>> and they all take the form.
> >
> > >>>>>> the name exception is
> >
> > >>>>>> auth.settings.logout_onlogout - lambda user: ...
> >
> > >>>>>> because there is no form to fill on logout but there is a user.
> >
> > >>>>>> On Nov 9, 1:37 pm, Richard Vézina <[email protected]>
> > >>>>>> wrote:
> > >>>>>> > Nice approach so I could update a custom field in auth_user and
> put
> > >>>>>> it true
> > >>>>>> > or false at login and logout?
> >
> > >>>>>> > How I may set my flag to true?
> >
> > >>>>>> > Is there a auth.settings.login_onlogin ??
> >
> > >>>>>> > Thanks
> >
> > >>>>>> > Richard
> >
> > >>>>>> > On Wed, Nov 9, 2011 at 2:14 PM, Massimo Di Pierro <
> >
> > >>>>>> > [email protected]> wrote:
> > >>>>>> > > Sessions never end. Do you want to detect logout?
> >
> > >>>>>> > > auth.settings.logout_onlogout = lambda user:
> > >>>>>> do_something_with(user)
> >
> > >>>>>> > > On Nov 9, 11:58 am, Sathvik Ponangi <[email protected]>
> wrote:
> > >>>>>> > > > Is there someway that I could call a function when the user
> > >>>>>> ends their
> > >>>>>> > > > session?
> >
> > >>>> --
> > >>>> Sathvik Ponangi
>
