Oliver, > If timeout expires I expect > 'Before change:' to be empty again, thus generating a new token. But it > isn't. It still uses the old token. What's going on? Just for clarification: core session tracking tokens don't expire. Session data objects associated with tokens expire. See the section "Session Id (Non-)Expiration" in the help doc. Your question is still valid, however. The timeout parameter isn't exact. In the current implementation, for example, if your timeout is set to 20 minutes, it could take up to 40 minutes to expire the data object associated with the token. It will expire, however. I need to work on making this more exact, but for now consider the timeout the "minimum" amount of time before a session data object will expire. HTH, Chris _______________________________________________ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
