I asked a similar question on the plone mailing list, so sorry guys for a repeat. I created an access rule in Plone, not the root and I need to find if a user is logged in. I was told that can't be done, but doesn't there have to be a something transferred between pages to tell if someone is logged in. A session variable set somewhere or something. I figured maybe this was more of a Zope thing than Plone. Thanks! Andrew R. Halko
On Tue, 2003-06-24 at 07:20, Andrew R. Halko wrote:
I created an access rule in Plone, not the root and I need to find if a user is logged in. I was told that can't be done,
Not without some work, anyway. :-)
but doesn't there have to be a something transferred between pages to tell if someone is logged in.
Zope doesn't have the same notion of "logged in" and "sessions" that other systems do. Once you've authenticated, your authentication will persist so long as you keep that browser open. You remain "logged in" even between server restarts. I've maintained sessions like this for weeks at a time; in theory you could stay logged in forever. Knowing this, your question can be re-framed as "how can I check which users have authenticated and/or used the system in the last X minutes?" You'll want to create some method that records a timestamp related to a userid. Call this method whenever a "session-maintaining" event (i.e., a login or request) takes place. One way to do this would be to call your "session" method in a header/footer method. Then create another method that can extract this information such that you can determine which users have accessed the system recently and/or check a specific user's currency. There are any number of ways you can implement this... properties, an RDBMS, a custom product... but that's the general approach I'd take. HTH, Dylan
Out of plain curiosity, how does it relate a "session" with a user/browser. Keeping track of IP address in Zope and relating them? Andrew R. Halko -----Original Message----- From: Dylan Reinhardt [mailto:zope@dylanreinhardt.com] Sent: Tuesday, June 24, 2003 12:33 PM To: Andrew R. Halko Cc: zope@zope.org Subject: Re: [Zope] Access Rule On Tue, 2003-06-24 at 07:20, Andrew R. Halko wrote:
I created an access rule in Plone, not the root and I need to find if a user is logged in. I was told that can't be done,
Not without some work, anyway. :-)
but doesn't there have to be a something transferred between pages to tell if someone is logged in.
Zope doesn't have the same notion of "logged in" and "sessions" that other systems do. Once you've authenticated, your authentication will persist so long as you keep that browser open. You remain "logged in" even between server restarts. I've maintained sessions like this for weeks at a time; in theory you could stay logged in forever. Knowing this, your question can be re-framed as "how can I check which users have authenticated and/or used the system in the last X minutes?" You'll want to create some method that records a timestamp related to a userid. Call this method whenever a "session-maintaining" event (i.e., a login or request) takes place. One way to do this would be to call your "session" method in a header/footer method. Then create another method that can extract this information such that you can determine which users have accessed the system recently and/or check a specific user's currency. There are any number of ways you can implement this... properties, an RDBMS, a custom product... but that's the general approach I'd take. HTH, Dylan
This should answer most of your questions: http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessions.stx Dylan On Tue, 2003-06-24 at 09:14, Andrew R. Halko wrote:
Out of plain curiosity, how does it relate a "session" with a user/browser. Keeping track of IP address in Zope and relating them?
Andrew R. Halko
-----Original Message----- From: Dylan Reinhardt [mailto:zope@dylanreinhardt.com] Sent: Tuesday, June 24, 2003 12:33 PM To: Andrew R. Halko Cc: zope@zope.org Subject: Re: [Zope] Access Rule
On Tue, 2003-06-24 at 07:20, Andrew R. Halko wrote:
I created an access rule in Plone, not the root and I need to find if a user is logged in. I was told that can't be done,
Not without some work, anyway. :-)
but doesn't there have to be a something transferred between pages to tell if someone is logged in.
Zope doesn't have the same notion of "logged in" and "sessions" that other systems do. Once you've authenticated, your authentication will persist so long as you keep that browser open. You remain "logged in" even between server restarts. I've maintained sessions like this for weeks at a time; in theory you could stay logged in forever.
Knowing this, your question can be re-framed as "how can I check which users have authenticated and/or used the system in the last X minutes?" You'll want to create some method that records a timestamp related to a userid. Call this method whenever a "session-maintaining" event (i.e., a login or request) takes place. One way to do this would be to call your "session" method in a header/footer method.
Then create another method that can extract this information such that you can determine which users have accessed the system recently and/or check a specific user's currency.
There are any number of ways you can implement this... properties, an RDBMS, a custom product... but that's the general approach I'd take.
HTH,
Dylan
Andrew R. Halko wrote at 2003-6-24 10:20 -0400:
... I created an access rule in Plone, not the root and I need to find if a user is logged in. I was told that can't be done,
They are right...
but doesn't there have to be a something transferred between pages to tell if someone is logged in.
There is indeed. It is either a cookie (in a format understood by the UserFolder that created the cookie) or an HTTP authentication header (in a format specified by the HTTP specification). However, that you see this information does not mean that the request is authenticated. Indeed authentication is only done after traversal and therefore after your AccessRule fired. Someone (I think Evan) posted a patch to implement a post authentication hook. Something like this might help you. Dieter
participants (3)
-
Andrew R. Halko -
Dieter Maurer -
Dylan Reinhardt