Dieter, Thank you for your reply. Originally was a customer-driven need to have them as long as possible for some time, but now there is a management need to make sessions as short as possible to increase security. My big concern is that my predecessor may have done some serious deep-down hacking to make sessions not time out until the browser is closed to stop the whining. He's not around anymore and I'm not as much of an expert as him. What I'm doing: Visit a simple HTML page that has a link to a second ... all of which is contained within a folder that requires authenticated user to view. I go to server:8080/page_path/page_name and have to log in. I do so, and see the page. Now, I wait 20,30, 45 minutes, even an hour and click on the link to server:8080/page_path/page_name2. What I WANT to happen is to be forced to provide my credentials if it's been sitting longer than 15 minutes. What IS happening is that I simply get the page. The zope.conf is set with a session-timeout-minutes 15. I've looked at the debugging page in the control panel, but it doesn't tell me anything I recognize as useful. ===================================== Robin Sale, Software Engineer Specialized Technology Resources, Inc. 10 Water Street Enfield CT 06082-4899 USA robin.sale@strus.com -----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org] On Behalf Of Dieter Maurer Sent: Thursday, January 25, 2007 1:28 PM To: Sale, Robin Cc: zope@zope.org Subject: Re: [Zope] Session Timeout Troubles Sale, Robin wrote at 2007-1-25 09:59 -0500:
... I've recently been asked to set the system to user sessions time out after 15 minutes of activity. I've changed the setting in our zope.conf file (the session timeout value) and restarted zope. However, if I open a page on the site that requires logon and log in, then leave the browser alone for 15 or 20 minutes or even an hour, when I click on a link, it doesn't force me to re-authenticate... it just works as normal.
I have never heard of such a behaviour -- and it is almost unbelievable. In any such case (unbelievable behaviour), I always use a powerfull tool (the debugger in this case) to shed light into the behaviour. -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )