There is way what I did works at least imperfectly ? I want to make a quick gain for a couples of weeks...
After then I will have more time to look into comet_messaging.. Richard On Wed, Nov 16, 2011 at 1:51 PM, Massimo Di Pierro < [email protected]> wrote: > Now I understand what you want to do. > > What you propose would not work because there is no logout event. > Unless the user clicks the logout button, the logout happens when the > user tries to access the site and the session time exceeds expiration. > If the user logins and turns the browser off, the > user_logger_on_update function would never be called. > > The only way to do what you need is by using gluon/contrib/ > comet_messaging. > > When the user visits a page, it opens an html5 websocket. When the > user goes away the socket is closed, Over the socket each user would > send their current session_id info and from the pool of open socket > you would be able to reconstruct information about the state of each > user. > > Massimo > > On Nov 16, 11:09 am, Richard Vézina <[email protected]> > wrote: > > Ok so I just need look into : auth.is_logged_in()=False > > > > So what about this : > > > > def user_logged_on_update(flag, user_id): > > """ > > Update of "logged_on" auth_user field. True = logged on. > > """ > > if user_id != None and flag != None: > > db.auth_user[user_id] = dict(logged_on = flag) > > return > > > > # When user login and log off properly > > auth.settings.login_onaccept = lambda form: user_logged_on_update('True', > > auth.user and auth.user.id) > > auth.settings.logout_onlogout = lambda user: > user_logged_on_update('False', > > user.id) > > > > # When user let hang for ever his connection for what ever reason > > if auth.user: > > db.auth_user(auth.user and auth.user.id).update(logged_on = > > auth.is_logged_in()) > > > > In model file?? > > > > It's maybe heavy to commit user status on the system every time model is > > reload, in that case putting those command in CRON hourly could do it?? > > > > Richard > > > > On Wed, Nov 16, 2011 at 10:20 AM, Massimo Di Pierro < > > > > > > > > > > > > > > > > [email protected]> wrote: > > > Inside Auth(...) there is this logic > > > > > if auth and auth.last_visit and auth.last_visit + \ > > > datetime.timedelta(days=0, seconds=auth.expiration) > > > > request.now: > > > self.user = auth.user > > > # this is a trick to speed up > > > sessions > > > if (request.now - auth.last_visit).seconds > > > > (auth.expiration/10): > > > auth.last_visit = request.now > > > else: > > > self.user = None > > > session.auth = None > > > > > If the user has logged or of the auth session has expires, then > > > session.auth = None, auth.user = None and auth.is_logged_in()=False. > > > > > On Nov 16, 9:12 am, Richard Vézina <[email protected]> > > > wrote: > > > > Ok, so what I want is to know how to verify if it authentification > has > > > > expired... > > > > > > I hope I am clear I don't know the exact wording for what I want... > > > > > > But I would trigger a update on my flag ("logged_on" : TRUE/FALSE) in > > > case > > > > user don't clic disconnect before close browser or if he leave his > > > browser > > > > open until the end of the day without disconnecting. > > > > > > My flag is only a way to avoid opening a bunch of sessions files in > > > > app/sessions/ to look in which user is still logged on. I would be > sure > > > > before making update to my app that no body is online and working... > > > > > > Thanks > > > > > > Richard > > > > > > On Tue, Nov 15, 2011 at 10:54 PM, Massimo Di Pierro < > > > > > > [email protected]> wrote: > > > > > There different issues here. > > > > > > > One issue is the session storage. It is associated to the cookie > uuid. > > > > > This never expires unless the server side file is deleted (the > script > > > > > you mention does that). > > > > > > > Another issue is the content of the session. For example > > > > > authentication information. That expires automatically. Even if the > > > > > session cookie is stolen it is useless. > > > > > > > Think of amazon. It always recognizes you but that does not mean it > > > > > always thinks you are logged in. Web2py does the same. The session > > > > > always remembers you since there is no reason to forget who you > are. > > > > > That does not it always thinks you are authenticated. > > > > > > > The only reason to delete session server side is storage space. > > > > > > > On Nov 15, 12:56 pm, Richard Vézina <[email protected]> > > > > > wrote: > > > > > > Hello, > > > > > > > > I just find this : > > > > > > > > Mailing-list > > > > > > [x] expire_sessions.py respects expiration time, thanks iceberg > > > > > > > > From the book : > > > > > > The file "applications/admin/cron/expire_sessions.py" actually > > > exists and > > > > > > ships with the *admin* app. It checks for expired sessions and > > > deletes > > > > > > them. "applications/admin/cron/crontab" runs this task hourly. > > > > > > > > I don't understand why Massimo wrote session never end up here > in the > > > > > > thread? > > > > > > > > How safe it is if I adapt the expire_sessions.py to my app? > > > > > > > > What do I lost if I use to clear sessions files... Until now I > was > > > using > > > > > > them as kind of log to know what a user as do during it session. > > > > > > > > Thanks > > > > > > > > Richard > > > > > > > > On Tue, Nov 15, 2011 at 1:35 PM, Richard Vézina < > > > > > [email protected] > > > > > > > > > wrote: > > > > > > > I see 2 issues with this method : > > > > > > > > > 1) If user close his navigator instead of disconnecting > properly > > > > > before... > > > > > > > > > 2) User use long expiration option (I will disabling the > option) > > > > > > > > > So to resolve the remaining issue 1, I would like to trigger a > > > action > > > > > when > > > > > > > user session is expired that will reset my flag in case user > don't > > > > > > > disconnect (close navigator instead of clic disconnecting) > before > > > his > > > > > > > session has end. > > > > > > > > > How can I get know since how long a user is logged on or when > user > > > has > > > > > > > login so I can delta time? > > > > > > > > > Richard > > > > > > > > > On Mon, Nov 14, 2011 at 4:05 PM, Richard Vézina < > > > > > > > [email protected]> wrote: > > > > > > > > >> Here it is : > > > > > > > > >> Redefine auth table like this : > > > > > > >> auth_table = db.define_table( > > > > > > >> auth.settings.table_user_name, > > > > > > > > >> Append to default auth user field this field : > > > > > > > > >> Field('logged_on','boolean', writable=False, > readable=False, > > > > > > >> default=None), > > > > > > > > >> Then I put those lines into db.py that contain my auth > redefined > > > table > > > > > > >> that's it (other models files contain the rest of my tables > > > models) > > > > > > > > >> auth.settings.login_onaccept = lambda form: > > > > > user_logged_on_update('True', > > > > > > >> auth.user and auth.user.id) > > > > > > >> auth.settings.logout_onlogout = lambda user: > > > > > > >> user_logged_on_update('False', user.id) > > > > > > > > >> def user_logged_on_update(flag, user_id): > > > > > > >> """ > > > > > > >> Update of "logged_on" auth_user field. True = logged on. > > > > > > >> """ > > > > > > >> if user_id != None and flag != None: > > > > > > >> db.auth_user[user_id] = dict(logged_on = flag) > > > > > > >> return > > > > > > > > >> I know that function don't go into model so it properly best > > > fitting > > > > > into > > > > > > >> module... But to allow lambda functions to call it I will > have to > > > > > import > > > > > > >> them so... Don't know what best pratice... > > > > > > > > >> Also I get user id at login accept by calling : auth.user and > > > > > > >> auth.user.id > > > > > > > > >> But is the form containing user id? > > > > > > > > >> What do you think about that? > > > > > > > > >> Richard > > > > > > > > >> On Mon, Nov 14, 2011 at 2:37 PM, Richard Vézina < > > > > > > >> [email protected]> wrote: > > > > > > > > >>> Hello Sathvik, > > > > > > > > >>> Do you use the RBAC web2py feature? > > > > > > > > >>> How you "last_in" get update as user logon? > > > > > > > > >>> Ok, just re-read your email you don't use the auth... > > > > > > > > >>> I think personnalise the auth_user table (or any other name > you > > > give > > > > > it) > > > > > > >>> and append a boolean "loged_on" (TRUE/FALSE) field could do > it in > > > > > > >>> conjunction with : > > > > > > > > >>> auth.settings.login_onaccept = lambda form: > > > > > user_logged_on_update('True') > > > > > > > > >>> auth.settings.logout_onlogout - lambda user: > > > > > > >>> user_logged_on_update('False') > > > > > > > > >>> Since we can't assign in lambda using a sub-function that > update > > > the > > > > > > >>> auth_user.logged_on=True or auth_user.logged_on=False will > do it. > > > > > > > > >>> Note : It's just pseudo code... I can report here when I get > a > > > > > working > > > > > > >>> implementation... > > > > > > > > >>> :) > > > > > > > > >>> Richard > > > > > > > > >>> On Fri, Nov 11, 2011 at 1:06 AM, Sathvik Ponangi < > > > [email protected] > > > > > >wrote: > > > > > > > > >>>> I'm using a Users table & sessions to handle users. > > > > > > > > >>>> db.define_table('users', > > > > > > >>>>> db.Field('name', 'string'), > > > > > > >>>>> db.Field('password', 'password'),#If > local > > > user > > > > > > >>>>> db.Field('active', 'boolean', > > > default=False), > > > > > > >>>>> db.Field('uid', 'string'), > > > > > > >>>>> db.Field('slinked', 'string', > > > > > > >>>>> default=""),#Redirect to a linked account > > > > > > >>>>> db.Field('last_in', 'datetime', > > > > > > >>>>> default=request.now), > > > > > > >>>>> db.Field('date', 'datetime', > > > > > default=request.now, > > > > > > >>>>> writable=False) > > > > > > >>>>> ) > > > > > > > > >>>> Is it a good idea to switch-over to auth? If so, how do I > do it? > > > > > > > > >>>> On Thu, Nov 10, 2011 at 3:44 AM, Richard Vézina < > > > > > > >>>> [email protected]> wrote: > > > > > > > > >>>>> Thank you! > > > > > > > > >>>>> Richard > > > > > > > > >>>>> On Wed, Nov 9, 2011 at 4:23 PM, Massimo Di Pierro < > > > > > > >>>>> [email protected]> wrote: > > > > > > > > >>>>>> They are usually called > > > > > > > > >>>>>> auth.settings.login_onaccept = lambda form: .. > > > > > > >>>>>> auth.settings.profile_onaccept = lambda form: .. > > > > > > >>>>>> auth.settings.<method>_onaccept = lambda form: .. > > > > > > > > >>>>>> and they all take the form. > > > > > > > > >>>>>> the name exception is > > > > > > > > >>>>>> auth.settings.logout_onlogout - lambda user: ... > > > > > > > > >>>>>> because there is no form to fill on logout but there is a > > > user. > > > > > > > > >>>>>> On Nov 9, 1:37 pm, Richard Vézina < > > > [email protected]> > > > > > > >>>>>> wrote: > > > > > > >>>>>> > Nice approach so I could update a custom field in > auth_user > > > and > > > > > put > > > > > > >>>>>> it true > > > > > > >>>>>> > or false at login and logout? > > > > > > > > >>>>>> > How I may set my flag to true? > > > > > > > > >>>>>> > Is there a auth.settings.login_onlogin ?? > > > > > > > > >>>>>> > Thanks > > > > > > > > >>>>>> > Richard > > > > > > > > >>>>>> > On Wed, Nov 9, 2011 at 2:14 PM, Massimo Di Pierro < > > > > > > > > >>>>>> > [email protected]> wrote: > > > > > > >>>>>> > > Sessions never end. Do you want to detect logout? > > > > > > > > >>>>>> > > auth.settings.logout_onlogout = lambda user: > > > > > > >>>>>> do_something_with(user) > > > > ... > > > > read more »
