Determining user from session object - who is logged in?
I thought the place to start wold be: /temp_folder/session_data/ I have built a small little thing to play with the contents of that. External method and script below. However I have not been able to figure out a way to connect these sessions with "logged in users". I suppose I could make some add/remove actions to log the data somewhere, and then get it from there, but there has to be some more direct way... Any ideas anyone? Gaute. ------ def CurrentSessions(self): root = self.getPhysicalRoot() session_data = root.restrictedTraverse('/temp_folder/session_data') return session_data.items() -------- ## Script (Python) "view_sessions" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## def timeSpan(secs): # seconds -> hours, minutes og seconds hours = int(secs/3600) secs = secs % 3600 minutes = int(secs/60) secs = int(secs % 60) return "%02d:%02d:%02d" % (hours, minutes, secs) print 'View session data' # flush expired objects...? session = context.session_data_manager.getSessionData() session.set('This is','me') data = container.CurrentSessions() print str(len(data)) + ' objects' for i in data: last = i[1].getLastAccessed() made = i[1].getCreated() now = DateTime().timeTime() print i[1].items() print 'Made: '+DateTime(made).strftime('%Y-%m-%d %H:%M:%S') #print 'Last: '+DateTime(last).strftime('%Y-%m-%d %H:%M:%S') #print 'Now: '+DateTime(now).strftime('%Y-%m-%d %H:%M:%S') print 'Used: ' + timeSpan(last - made) print 'Idle: ' + timeSpan(now - last) print '' return printed ------
On Wed, 2005-10-12 at 19:32 +0200, Gaute Amundsen wrote:
I thought the place to start wold be: /temp_folder/session_data/
I have built a small little thing to play with the contents of that. External method and script below.
However I have not been able to figure out a way to connect these sessions with "logged in users".
There is no built-in connection between the two. If you want to do this, you need to use a user folder implementations that keeps credentials in the session. - C
On Wednesday 12 October 2005 20:19, Chris McDonough wrote:
On Wed, 2005-10-12 at 19:32 +0200, Gaute Amundsen wrote:
I thought the place to start wold be: /temp_folder/session_data/
I have built a small little thing to play with the contents of that. External method and script below.
However I have not been able to figure out a way to connect these sessions with "logged in users".
There is no built-in connection between the two. If you want to do this, you need to use a user folder implementations that keeps credentials in the session.
Hm.. ok. So what strategy would you chose? 1) Tweak ExuserFolder to put credentials in the session. 2) Use an addScript on session_data to put credentials in the session. 3) Use 1 or 2 to put credentials somewhere else? And thanks :) Gaute
On Oct 12, 2005, at 4:50 PM, Gaute Amundsen wrote:
On Wednesday 12 October 2005 20:19, Chris McDonough wrote:
On Wed, 2005-10-12 at 19:32 +0200, Gaute Amundsen wrote:
I thought the place to start wold be: /temp_folder/session_data/
I have built a small little thing to play with the contents of that. External method and script below.
However I have not been able to figure out a way to connect these sessions with "logged in users".
There is no built-in connection between the two. If you want to do this, you need to use a user folder implementations that keeps credentials in the session.
Hm.. ok.
So what strategy would you chose?
1) Tweak ExuserFolder to put credentials in the session.
2) Use an addScript on session_data to put credentials in the session.
3) Use 1 or 2 to put credentials somewhere else?
And thanks :)
Probably 1, because it's possible for a session to be created without someone being logged in, and exUserFolder is probably really the only thing that knows when someone logs in and out. - C
On Wednesday 12 October 2005 22:58, Chris McDonough wrote:
On Oct 12, 2005, at 4:50 PM, Gaute Amundsen wrote:
On Wednesday 12 October 2005 20:19, Chris McDonough wrote:
On Wed, 2005-10-12 at 19:32 +0200, Gaute Amundsen wrote:
I thought the place to start wold be: /temp_folder/session_data/
I have built a small little thing to play with the contents of that. External method and script below.
However I have not been able to figure out a way to connect these sessions with "logged in users".
There is no built-in connection between the two. If you want to do this, you need to use a user folder implementations that keeps credentials in the session.
Hm.. ok.
So what strategy would you chose?
1) Tweak ExuserFolder to put credentials in the session.
2) Use an addScript on session_data to put credentials in the session.
3) Use 1 or 2 to put credentials somewhere else?
And thanks :)
Probably 1, because it's possible for a session to be created without someone being logged in, and exUserFolder is probably really the only thing that knows when someone logs in and out.
Well, I know that ther might easily be "login less" sessions, but, is it possible to log have "session less" logins? The first case would not be a problem. I expect one could easily detect the lack of userdata, and skip altering the session, and in that case would not an addScript let me solve this without resort to external methods, or product code? Gaute
On Thu, 2005-10-13 at 00:26 +0200, Gaute Amundsen wrote:
Well, I know that ther might easily be "login less" sessions, but, is it possible to log have "session less" logins?
Yes. In fact, this is the default for Zope "out of the box". Zope's default user folder uses HTTP basic authentication, which doesn't require sessions at all. Ditto for applications that use CookieCrumbler or user folder implementations that use cookies to store credentials. Zope does not create a session for every user by default, just because not all applications require sessions. It's up to the programmer to create use sessions. Usually this just means putting a mention of REQUEST.SESSION in one or more of your scripts or views.
The first case would not be a problem. I expect one could easily detect the lack of userdata, and skip altering the session, and in that case would not an addScript let me solve this without resort to external methods, or product code?
addScript... sure, doing it this way is likely easy for any given application. It just can't be solved generally for all applications because there's no easily-overrideable "do this at login time" hook built in to "stock" Zope (although there are definitely hooks for this in PAS and probably in exUserFolder too). - C
That cleared things up nicely. I will dig into ExuserFolder (which is our standard) a bit more before i decide. Thanks :) Gaute On Thursday 13 October 2005 10:25, Chris McDonough wrote:
On Thu, 2005-10-13 at 00:26 +0200, Gaute Amundsen wrote:
Well, I know that ther might easily be "login less" sessions, but, is it possible to log have "session less" logins?
Yes. In fact, this is the default for Zope "out of the box". Zope's default user folder uses HTTP basic authentication, which doesn't require sessions at all. Ditto for applications that use CookieCrumbler or user folder implementations that use cookies to store credentials.
Zope does not create a session for every user by default, just because not all applications require sessions. It's up to the programmer to create use sessions. Usually this just means putting a mention of REQUEST.SESSION in one or more of your scripts or views.
The first case would not be a problem. I expect one could easily detect the lack of userdata, and skip altering the session, and in that case would not an addScript let me solve this without resort to external methods, or product code?
addScript... sure, doing it this way is likely easy for any given application. It just can't be solved generally for all applications because there's no easily-overrideable "do this at login time" hook built in to "stock" Zope (although there are definitely hooks for this in PAS and probably in exUserFolder too).
- C
participants (2)
-
Chris McDonough -
Gaute Amundsen