Ok.. and here is the.. <hard answer> 1) Set a cookie to expire at the end of the session with a "start_time" variable. time.time(time.localtime()) 2) Set another cookie with a "last_action_time" variable 3) Create a method that checks the difference between "start_time" and "last_action_time" and if the time difference is too long send them back to a log on screen (and expire both cookies). </hard answer> Not pretty.. but I think it would work. JMA At 1:14 PM -0500 2/6/2000, Jules wrote:
On Sun, Feb 06, 2000 at 03:27:16PM +0000, Juri Jensen wrote: |Is it possible to set some kind of expiration time for users when they |haven't done anything for a while...?
Juri:
<executive summary> No. </executive summary>
</geek answer> This is an HTTP thing, not a Zope thing. The problem is that the browser is passing the user's name and password in the HTTP headers each time you request something from Zope (or indeed any protected resource from any Web server). So unless you programatically invalidate the password (bad, as it would confuse the heck out of the user), there's no real way to have a user 'log out'. The upside of this is that having an idle user doesn't use any resources on your Web server. When the Zope Portal Toolkit comes out, I believe it supports the concept of sessions -- these generally do use server side resources if the client doesn't support cookies -- and a timeout may be possible with it. </geek answer>
Good luck!
Cheers, Jules
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )