Re: special session-time usecase

Thu, 31 May 2007 12:14:30 -0700 

That makes a lot more sense to me now, thanks for the explanation!
The only thing that worries me is repetition.  It seems like it would
get very repetitive implementing this inside every view in the entire
project.  Is there somewhere else you can check everytime a request is
made?


On May 31, 1:39 pm, ringemup <[EMAIL PROTECTED]> wrote:
> > I see what you are saying, but I want the user to be automatically
> > logged out after a period of inactivity for security purposes.
>
> Yes, this accomplishes that.
>
> > 1)  Do you mean I would check the last time they saved and then
> > compare it with a time limit everytime they alter a session?
>
> Yes, basically, except that you're setting a session parameter on
> every page load, which is what you're checking against, rather than
> against the last time the user saved something.
>
> > 2)  If the time limit has been surpassed, would I disallow the
> > transaction and then log them out?
>
> Yes.
>
> > I was hoping there was another way where somehow the system would
> > check constantly and expire old sessions and cookies automatically.
> > I'm still unsure how something could sit in the background and check
> > every minute, not  sure if its even possible.
>
> Why would you need to actively cause them to expire, as long as
> they're refused when someone tries to accomplish something with them?
> If you log the user out upon any request after the expiration time,
> you get the same effect.  The session becomes an expired session
> whether or not you delete the cookie, and whether or not the user ever
> returns to the site.  Not sure if I'm explaining this clearly.
>
> In pseudo-code...
>
> on every request:
>   if (session['last_activity'] > (now - 30min)):
>     user.logout()
>     session.destroy()
>     session.create()
>     session['last_activity'] = now
>     redirect('/login_url')
>   else:
>     session['last_activity'] = now
>     execute_requested_view()


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to