I'm sorry, I dont understand. You don't need to check inactivity (that's the responsibility of the session machinery). You just need to check for the availability of keys and values within the session. This is what the SessionUserFolder implementation does. Whether someone is "logged in" or "logged out" is kept track of within his session data object. If the session data object expires, you assume he has logged out. Does this make sense? ----- Original Message ----- From: "List Subscriber @ Neurobs" <list_subscriber@neurobs.com> To: "Chris McDonough" <chrism@zope.com>; <zope@zope.org> Sent: Thursday, August 15, 2002 4:29 AM Subject: Re: [Zope] Sessions question
oook. :) well since sessions know nothing about authentication, therefore they dont know who created them and thus cant logout the user who created them on expiry.
so then how would one go about checking inactivity on part of a user. for e.g.
User logged in at t = 0 mins. A cookie is set that records the login time. user worked on the site and finished work at time t = x at time t = x+20 user times out and user is logged out.
How do I implement the method that polls the system clock vs the cookie set at logon vs last hit time (provided I record the last hit time too (damn this is getting confusing!!!) )
Can it even be done or am I just being wishful ???
TIA AM
Chris McDonough wrote:
Currently, sessions have nothing to do whatsoever with Zope authentication, so there's no "right way" to do this short of writing your own user folder implementation (or extending an existing one).
- C