[Zope] Cookies...

Jules zope@jules.com
Sun, 6 Feb 2000 13:14:04 -0500


On Sun, Feb 06, 2000 at 03:27:16PM +0000, Juri Jensen wrote:
|Is it possible to set some kind of expiration time for users when they
|haven't done anything for a while...?

Juri:

<executive summary>
No.
</executive summary>

</geek answer>
This is an HTTP thing, not a Zope thing. The problem is that the browser
is passing the user's name and password in the HTTP headers each time
you request something from Zope (or indeed any protected resource from
any Web server). So unless you programatically invalidate the password
(bad, as it would confuse the heck out of the user), there's no real
way to have a user 'log out'. The upside of this is that having an idle
user doesn't use any resources on your Web server. When the Zope
Portal Toolkit comes out, I believe it supports the concept of sessions
-- these generally do use server side resources if the client doesn't
support cookies -- and a timeout may be possible with it.
</geek answer>

Good luck!

Cheers,
Jules