Now I understand what you want to do. What you propose would not work because there is no logout event. Unless the user clicks the logout button, the logout happens when the user tries to access the site and the session time exceeds expiration. If the user logins and turns the browser off, the user_logger_on_update function would never be called.
The only way to do what you need is by using gluon/contrib/ comet_messaging. When the user visits a page, it opens an html5 websocket. When the user goes away the socket is closed, Over the socket each user would send their current session_id info and from the pool of open socket you would be able to reconstruct information about the state of each user. Massimo On Nov 16, 11:09 am, Richard Vézina <[email protected]> wrote: > Ok so I just need look into : auth.is_logged_in()=False > > So what about this : > > def user_logged_on_update(flag, user_id): > """ > Update of "logged_on" auth_user field. True = logged on. > """ > if user_id != None and flag != None: > db.auth_user[user_id] = dict(logged_on = flag) > return > > # When user login and log off properly > auth.settings.login_onaccept = lambda form: user_logged_on_update('True', > auth.user and auth.user.id) > auth.settings.logout_onlogout = lambda user: user_logged_on_update('False', > user.id) > > # When user let hang for ever his connection for what ever reason > if auth.user: > db.auth_user(auth.user and auth.user.id).update(logged_on = > auth.is_logged_in()) > > In model file?? > > It's maybe heavy to commit user status on the system every time model is > reload, in that case putting those command in CRON hourly could do it?? > > Richard > > On Wed, Nov 16, 2011 at 10:20 AM, Massimo Di Pierro < > > > > > > > > [email protected]> wrote: > > Inside Auth(...) there is this logic > > > if auth and auth.last_visit and auth.last_visit + \ > > datetime.timedelta(days=0, seconds=auth.expiration) > > > request.now: > > self.user = auth.user > > # this is a trick to speed up > > sessions > > if (request.now - auth.last_visit).seconds > > > (auth.expiration/10): > > auth.last_visit = request.now > > else: > > self.user = None > > session.auth = None > > > If the user has logged or of the auth session has expires, then > > session.auth = None, auth.user = None and auth.is_logged_in()=False. > > > On Nov 16, 9:12 am, Richard Vézina <[email protected]> > > wrote: > > > Ok, so what I want is to know how to verify if it authentification has > > > expired... > > > > I hope I am clear I don't know the exact wording for what I want... > > > > But I would trigger a update on my flag ("logged_on" : TRUE/FALSE) in > > case > > > user don't clic disconnect before close browser or if he leave his > > browser > > > open until the end of the day without disconnecting. > > > > My flag is only a way to avoid opening a bunch of sessions files in > > > app/sessions/ to look in which user is still logged on. I would be sure > > > before making update to my app that no body is online and working... > > > > Thanks > > > > Richard > > > > On Tue, Nov 15, 2011 at 10:54 PM, Massimo Di Pierro < > > > > [email protected]> wrote: > > > > There different issues here. > > > > > One issue is the session storage. It is associated to the cookie uuid. > > > > This never expires unless the server side file is deleted (the script > > > > you mention does that). > > > > > Another issue is the content of the session. For example > > > > authentication information. That expires automatically. Even if the > > > > session cookie is stolen it is useless. > > > > > Think of amazon. It always recognizes you but that does not mean it > > > > always thinks you are logged in. Web2py does the same. The session > > > > always remembers you since there is no reason to forget who you are. > > > > That does not it always thinks you are authenticated. > > > > > The only reason to delete session server side is storage space. > > > > > On Nov 15, 12:56 pm, Richard Vézina <[email protected]> > > > > wrote: > > > > > Hello, > > > > > > I just find this : > > > > > > Mailing-list > > > > > [x] expire_sessions.py respects expiration time, thanks iceberg > > > > > > From the book : > > > > > The file "applications/admin/cron/expire_sessions.py" actually > > exists and > > > > > ships with the *admin* app. It checks for expired sessions and > > deletes > > > > > them. "applications/admin/cron/crontab" runs this task hourly. > > > > > > I don't understand why Massimo wrote session never end up here in the > > > > > thread? > > > > > > How safe it is if I adapt the expire_sessions.py to my app? > > > > > > What do I lost if I use to clear sessions files... Until now I was > > using > > > > > them as kind of log to know what a user as do during it session. > > > > > > Thanks > > > > > > Richard > > > > > > On Tue, Nov 15, 2011 at 1:35 PM, Richard Vézina < > > > > [email protected] > > > > > > > wrote: > > > > > > I see 2 issues with this method : > > > > > > > 1) If user close his navigator instead of disconnecting properly > > > > before... > > > > > > > 2) User use long expiration option (I will disabling the option) > > > > > > > So to resolve the remaining issue 1, I would like to trigger a > > action > > > > when > > > > > > user session is expired that will reset my flag in case user don't > > > > > > disconnect (close navigator instead of clic disconnecting) before > > his > > > > > > session has end. > > > > > > > How can I get know since how long a user is logged on or when user > > has > > > > > > login so I can delta time? > > > > > > > Richard > > > > > > > On Mon, Nov 14, 2011 at 4:05 PM, Richard Vézina < > > > > > > [email protected]> wrote: > > > > > > >> Here it is : > > > > > > >> Redefine auth table like this : > > > > > >> auth_table = db.define_table( > > > > > >> auth.settings.table_user_name, > > > > > > >> Append to default auth user field this field : > > > > > > >> Field('logged_on','boolean', writable=False, readable=False, > > > > > >> default=None), > > > > > > >> Then I put those lines into db.py that contain my auth redefined > > table > > > > > >> that's it (other models files contain the rest of my tables > > models) > > > > > > >> auth.settings.login_onaccept = lambda form: > > > > user_logged_on_update('True', > > > > > >> auth.user and auth.user.id) > > > > > >> auth.settings.logout_onlogout = lambda user: > > > > > >> user_logged_on_update('False', user.id) > > > > > > >> def user_logged_on_update(flag, user_id): > > > > > >> """ > > > > > >> Update of "logged_on" auth_user field. True = logged on. > > > > > >> """ > > > > > >> if user_id != None and flag != None: > > > > > >> db.auth_user[user_id] = dict(logged_on = flag) > > > > > >> return > > > > > > >> I know that function don't go into model so it properly best > > fitting > > > > into > > > > > >> module... But to allow lambda functions to call it I will have to > > > > import > > > > > >> them so... Don't know what best pratice... > > > > > > >> Also I get user id at login accept by calling : auth.user and > > > > > >> auth.user.id > > > > > > >> But is the form containing user id? > > > > > > >> What do you think about that? > > > > > > >> Richard > > > > > > >> On Mon, Nov 14, 2011 at 2:37 PM, Richard Vézina < > > > > > >> [email protected]> wrote: > > > > > > >>> Hello Sathvik, > > > > > > >>> Do you use the RBAC web2py feature? > > > > > > >>> How you "last_in" get update as user logon? > > > > > > >>> Ok, just re-read your email you don't use the auth... > > > > > > >>> I think personnalise the auth_user table (or any other name you > > give > > > > it) > > > > > >>> and append a boolean "loged_on" (TRUE/FALSE) field could do it in > > > > > >>> conjunction with : > > > > > > >>> auth.settings.login_onaccept = lambda form: > > > > user_logged_on_update('True') > > > > > > >>> auth.settings.logout_onlogout - lambda user: > > > > > >>> user_logged_on_update('False') > > > > > > >>> Since we can't assign in lambda using a sub-function that update > > the > > > > > >>> auth_user.logged_on=True or auth_user.logged_on=False will do it. > > > > > > >>> Note : It's just pseudo code... I can report here when I get a > > > > working > > > > > >>> implementation... > > > > > > >>> :) > > > > > > >>> Richard > > > > > > >>> On Fri, Nov 11, 2011 at 1:06 AM, Sathvik Ponangi < > > [email protected] > > > > >wrote: > > > > > > >>>> I'm using a Users table & sessions to handle users. > > > > > > >>>> db.define_table('users', > > > > > >>>>> db.Field('name', 'string'), > > > > > >>>>> db.Field('password', 'password'),#If local > > user > > > > > >>>>> db.Field('active', 'boolean', > > default=False), > > > > > >>>>> db.Field('uid', 'string'), > > > > > >>>>> db.Field('slinked', 'string', > > > > > >>>>> default=""),#Redirect to a linked account > > > > > >>>>> db.Field('last_in', 'datetime', > > > > > >>>>> default=request.now), > > > > > >>>>> db.Field('date', 'datetime', > > > > default=request.now, > > > > > >>>>> writable=False) > > > > > >>>>> ) > > > > > > >>>> Is it a good idea to switch-over to auth? If so, how do I do it? > > > > > > >>>> On Thu, Nov 10, 2011 at 3:44 AM, Richard Vézina < > > > > > >>>> [email protected]> wrote: > > > > > > >>>>> Thank you! > > > > > > >>>>> Richard > > > > > > >>>>> On Wed, Nov 9, 2011 at 4:23 PM, Massimo Di Pierro < > > > > > >>>>> [email protected]> wrote: > > > > > > >>>>>> They are usually called > > > > > > >>>>>> auth.settings.login_onaccept = lambda form: .. > > > > > >>>>>> auth.settings.profile_onaccept = lambda form: .. > > > > > >>>>>> auth.settings.<method>_onaccept = lambda form: .. > > > > > > >>>>>> and they all take the form. > > > > > > >>>>>> the name exception is > > > > > > >>>>>> auth.settings.logout_onlogout - lambda user: ... > > > > > > >>>>>> because there is no form to fill on logout but there is a > > user. > > > > > > >>>>>> On Nov 9, 1:37 pm, Richard Vézina < > > [email protected]> > > > > > >>>>>> wrote: > > > > > >>>>>> > Nice approach so I could update a custom field in auth_user > > and > > > > put > > > > > >>>>>> it true > > > > > >>>>>> > or false at login and logout? > > > > > > >>>>>> > How I may set my flag to true? > > > > > > >>>>>> > Is there a auth.settings.login_onlogin ?? > > > > > > >>>>>> > Thanks > > > > > > >>>>>> > Richard > > > > > > >>>>>> > On Wed, Nov 9, 2011 at 2:14 PM, Massimo Di Pierro < > > > > > > >>>>>> > [email protected]> wrote: > > > > > >>>>>> > > Sessions never end. Do you want to detect logout? > > > > > > >>>>>> > > auth.settings.logout_onlogout = lambda user: > > > > > >>>>>> do_something_with(user) > > ... > > read more »
