[Zope] Expiring sessions

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Fri, 4 Feb 2000 09:05:31 +1100 (EST)


On Wed, 2 Feb 2000, Timothy Grant wrote:

> I'm using SQLSession, and would love to expire a session, but don't know
> how to do so.

The current release dosn't have this functionality (its documented
in the code as something to do).

If may be possible to do the following in an InitSession DTML method:

<dtml-let expiretime="something to calculate now + how many minutes">
<dtml-var Session>
<dtml-call "RESPONSE.setCookie('_SQLSession',RESPONSE.cookies['_SQLSession'],
    expires=expiretime)">
</dtml-let>

Note that expiretime will need to be in the cookie specific format
that I can't remember right now.


> My situation is this. I have an app with a "welcome" screen with links
> to a number of other pages that have various functionality. As long as
> my user has a "current" session open, I want to keep session management
> running, but if they leave the browser and come back then I want to
> force a new session. I don't really know how best to do that as the main
> screen is displayed regularly in "normal" operations, I can't clear my
> session everytime that that page displays. I also need to know what the
> best method of clearing out the SQL DB. is when a session expires.

Are your users being authenticeted using some for of cookie authentication
(UserDB, etcUserFolder, GUF, LDAPadaptor etc)? If so, you could force
new session creation in the login screen and rely on the authentication
cookie expiring (GUF implements this, don't know about the others).

-- 
 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen