Hi, I recently updated my python UF product to use Zope's built in Sessions instead of CST. Now I am faced with two problems: 1. How to completely expire all session stuff on logout. At this point of time I am using the following terminate session function to do so: def __terminate_session (Self,REQUEST): REQUEST.SESSION.invalidate() REQUEST.SESSION.getBrowserIdManager().flushBrowserIdCookie() so the question is : Is this enough?? or do I have to something more?? 2. How can I call my UF's user_logout function on expiry of the session?? In CST there was a field that allowed me to set up a method to be called on expiry. I didnt find any such option in the session_data_manager or browser_id_manager. So how do I do that?? TIA AM
On Tue, 2002-08-13 at 04:03, List Subscriber @ Neurobs wrote:
Hi,
I recently updated my python UF product to use Zope's built in Sessions instead of CST. Now I am faced with two problems:
1. How to completely expire all session stuff on logout. At this point of time I am using the following terminate session function to do so:
def __terminate_session (Self,REQUEST): REQUEST.SESSION.invalidate() REQUEST.SESSION.getBrowserIdManager().flushBrowserIdCookie()
Looks good to me.
2. How can I call my UF's user_logout function on expiry of the session??
In CST there was a field that allowed me to set up a method to be called on expiry. I didnt find any such option in the session_data_manager or browser_id_manager. So how do I do that??
This functionality has moved to the transient object container ('/temp_folder/session_data'). See http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessions.stx and search for " Using Session onAdd and onDelete Events". - C
Hi, Thanks for the answers. After review of the mentioned docs, I realize that is no surefire way to logout a user if a session initiated by him or her expires.. So how do I handle this thing?? How can I make sure that is a user's session expires he or she specifically gets properly logged out?? Is it even possible?? TIA AM Chris McDonough wrote:
2. How can I call my UF's user_logout function on expiry of the session??
In CST there was a field that allowed me to set up a method to be called on expiry. I didnt find any such option in the session_data_manager or browser_id_manager. So how do I do that??
This functionality has moved to the transient object container ('/temp_folder/session_data'). See http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessions.stx and search for " Using Session onAdd and onDelete Events".
- C
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Well, someone has implemented a Session User Folder (I spied it on Zope.org a while back) that might serve this purpose. Let's see if I can find it...aha! http://www.zope.org/Members/levi/SessionUserFolder . I've not used it so I'm not sure how it works... HTH, - C On Tue, 2002-08-13 at 07:25, List Subscriber @ Neurobs wrote:
Hi,
Thanks for the answers. After review of the mentioned docs, I realize that is no surefire way to logout a user if a session initiated by him or her expires.. So how do I handle this thing?? How can I make sure that is a user's session expires he or she specifically gets properly logged out?? Is it even possible??
TIA AM
Chris McDonough wrote:
2. How can I call my UF's user_logout function on expiry of the session??
In CST there was a field that allowed me to set up a method to be called on expiry. I didnt find any such option in the session_data_manager or browser_id_manager. So how do I do that??
This functionality has moved to the transient object container ('/temp_folder/session_data'). See http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessions.stx and search for " Using Session onAdd and onDelete Events".
- C
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Looked at it.... surprisingly it does not implement an explicit logout method. I guess once the session expires, it automatically logs out the user since auth info is maintained in the session object. Moreover I am using a customized user folder, but obviously can apply any changes required. So I am still stuck with the original problem. How to logout a user once a session he or she initiated expires?? Thanks AM Chris McDonough wrote:
Well, someone has implemented a Session User Folder (I spied it on Zope.org a while back) that might serve this purpose. Let's see if I can find it...aha! http://www.zope.org/Members/levi/SessionUserFolder . I've not used it so I'm not sure how it works...
HTH,
- C
On Tue, 2002-08-13 at 07:25, List Subscriber @ Neurobs wrote:
Hi,
Thanks for the answers. After review of the mentioned docs, I realize that is no surefire way to logout a user if a session initiated by him or her expires.. So how do I handle this thing?? How can I make sure that is a user's session expires he or she specifically gets properly logged out?? Is it even possible??
TIA AM
Chris McDonough wrote:
2. How can I call my UF's user_logout function on expiry of the session??
In CST there was a field that allowed me to set up a method to be called on expiry. I didnt find any such option in the session_data_manager or browser_id_manager. So how do I do that??
This functionality has moved to the transient object container ('/temp_folder/session_data'). See http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessions.stx and search for " Using Session onAdd and onDelete Events".
- C
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Currently, sessions have nothing to do whatsoever with Zope authentication, so there's no "right way" to do this short of writing your own user folder implementation (or extending an existing one). - C ----- Original Message ----- From: "List Subscriber @ Neurobs" <list_subscriber@neurobs.com> To: "Chris McDonough" <chrism@zope.com> Cc: <zope@zope.org> Sent: Thursday, August 15, 2002 2:28 AM Subject: Re: [Zope] Sessions question
Looked at it.... surprisingly it does not implement an explicit logout method. I guess once the session expires, it automatically logs out the user since auth info is maintained in the session object.
Moreover I am using a customized user folder, but obviously can apply any changes required.
So I am still stuck with the original problem. How to logout a user once a session he or she initiated expires??
Thanks AM
Chris McDonough wrote:
Well, someone has implemented a Session User Folder (I spied it on Zope.org a while back) that might serve this purpose. Let's see if I can find it...aha! http://www.zope.org/Members/levi/SessionUserFolder . I've not used it so I'm not sure how it works...
HTH,
- C
On Tue, 2002-08-13 at 07:25, List Subscriber @ Neurobs wrote:
Hi,
Thanks for the answers. After review of the mentioned docs, I realize that is no surefire way to logout a user if a session initiated by him or her expires.. So how do I handle this thing?? How can I make sure that is a user's session expires he or she specifically gets properly logged out?? Is it even possible??
TIA AM
Chris McDonough wrote:
2. How can I call my UF's user_logout function on expiry of the session??
In CST there was a field that allowed me to set up a method to be called on expiry. I didnt find any such option in the session_data_manager or browser_id_manager. So how do I do that??
This functionality has moved to the transient object container ('/temp_folder/session_data'). See
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Sessi ons.stx
and search for " Using Session onAdd and onDelete Events".
- C
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
oook. :) well since sessions know nothing about authentication, therefore they dont know who created them and thus cant logout the user who created them on expiry. so then how would one go about checking inactivity on part of a user. for e.g. User logged in at t = 0 mins. A cookie is set that records the login time. user worked on the site and finished work at time t = x at time t = x+20 user times out and user is logged out. How do I implement the method that polls the system clock vs the cookie set at logon vs last hit time (provided I record the last hit time too (damn this is getting confusing!!!) ) Can it even be done or am I just being wishful ??? TIA AM Chris McDonough wrote:
Currently, sessions have nothing to do whatsoever with Zope authentication, so there's no "right way" to do this short of writing your own user folder implementation (or extending an existing one).
- C
I'm sorry, I dont understand. You don't need to check inactivity (that's the responsibility of the session machinery). You just need to check for the availability of keys and values within the session. This is what the SessionUserFolder implementation does. Whether someone is "logged in" or "logged out" is kept track of within his session data object. If the session data object expires, you assume he has logged out. Does this make sense? ----- Original Message ----- From: "List Subscriber @ Neurobs" <list_subscriber@neurobs.com> To: "Chris McDonough" <chrism@zope.com>; <zope@zope.org> Sent: Thursday, August 15, 2002 4:29 AM Subject: Re: [Zope] Sessions question
oook. :) well since sessions know nothing about authentication, therefore they dont know who created them and thus cant logout the user who created them on expiry.
so then how would one go about checking inactivity on part of a user. for e.g.
User logged in at t = 0 mins. A cookie is set that records the login time. user worked on the site and finished work at time t = x at time t = x+20 user times out and user is logged out.
How do I implement the method that polls the system clock vs the cookie set at logon vs last hit time (provided I record the last hit time too (damn this is getting confusing!!!) )
Can it even be done or am I just being wishful ???
TIA AM
Chris McDonough wrote:
Currently, sessions have nothing to do whatsoever with Zope authentication, so there's no "right way" to do this short of writing your own user folder implementation (or extending an existing one).
- C
participants (2)
-
Chris McDonough -
List Subscriber @ Neurobs