Oliver,

> If timeout expires I expect
> 'Before change:' to be empty again, thus generating a new token. But it
> isn't. It still uses the old token. What's going on?

Just for clarification:  core session tracking tokens don't expire.  Session
data objects associated with tokens expire.  See the section "Session Id
(Non-)Expiration" in the help doc.  Your question is still valid, however.

The timeout parameter isn't exact.  In the current implementation, for
example, if your timeout is set to 20 minutes, it could take up to 40
minutes to expire the data object associated with the token.  It will
expire, however.  I need to work on making this more exact, but for now
consider the timeout the "minimum" amount of time before a session data
object will expire.

HTH,

Chris



_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to