Malcolm, I believe you and appreciate your advice, but you need to ease up. You're getting hung up on semantics. In this instance, I'm simply differentiating between a user clicking a link that says "Logout" (a.k.a, a manual logout) versus Django detecting the lack of a session cookie and redirecting the user to a login page (a.k.a., an automated logout). From the user's perspective, they have been automatically logged out.
With that out of the way, let's wrap this up. Please correct me if I'm incorrect in this psuedo-code description of the manual login/ automated logout process: 1. User access Django-based website. 2. Django generates a session cookie with an expiration date based upon SESSION_COOKIE_AGE. (In this example, it's set to 3600) 3. User logs in 4. User traverses website for one hour (3600 seconds) 5. Browser removes expired cookie 6. User attempts to click new link in Django-based website 7. Django detects the missing cookie 8. Django redirects user to login page 9. Django generates session cookie, inserts a new record into django.sessions, and leaves old session information in django.sessions table The problem I'm trying to solve at this point is to slip in a call to an audit method between Steps 6 and 8. As soon as Django realizes the user's session is gone, I'd like to audit the "idle logout" (again, this is from the user's perspective). By "audit", I mean store a database record in my person.audit table with the user's user ID and a message noting their session has expired. And I agree with you: I don't think this can be done and you (and others) have provided enough explanation to convince me that there is no simple solution. I just wanted to make sure we're all on the same page with respect to the problem I'm trying to resolve. On Mar 17, 9:35 pm, Malcolm Tredinnick <malc...@pointy-stick.com> wrote: > On Wed, 2009-03-18 at 01:28 +0000, Paulo Köch wrote: > > > Calling logout(), as the original poster requested doesn't achieve > > > anything (it does nothing). If it did do something, it would still be a > > > bad idea to call it, because the user could have already logged in again > > > and logging them out would be unfortunate. > > > Doesn't this generate a new session_id? > > More importantly it sets the user's status to be logged out. If they had > logged in again since their previous session expired, you have now just > logged them out again. In the web business we call that "not friendly". > > Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---