Oh and regarding your second question:
This behavior can be implied to the user's browser by not sending an
expiry header for the cookie that holds the session id. I don't know
if gaeutilities let's you specify this, but I would assume it does.
If you want to truly enforce it on the server side, you can add a
timestamp to your sessions in the datastore and not let the user
continue using a session if the session hasn't been requested for x
amount of time. The timestamp would be updated every time the session
is requested so that the session only expires if the user stops using
the page for a while (which would imply that the user has left the
page.)
On Jan 28, 3:02 pm, Blixt <andreasbl...@gmail.com> wrote:
> If you're familiar with Python:
> If you've got separate request handlers for the parts of the site that
> require login and the parts that don't, you can make a function
> descriptor that checks if the user is logged in before calling the
> actual function. If the user is not logged in, it redirects to a login
> page. Then you can use this descriptor on the get / post methods.
>
> Google provides this functionality with their @require_login
> descriptor that redirects to the Google Accounts login page if the
> user is not logged in, but this doesn't work when rolling your own
> authentication system, obviously.
>
> If you're not familiar with Python:
> The simplest way is probably to just make a function you can call that
> returns True if the user is logged in. If the user is not logged in,
> it redirects the user to your login page, then returns False. In your
> actual get / post method you check whether the result of this function
> is False, and if so, you leave the method:
>
> def logged_in(request):
> if [user is logged in]:
> return True
> request.redirect('/login')
> return False
>
> class UserSettings(webapp.RequestHandler):
> def get(self):
> if not logged_in(self): return
> # show page
>
> On Jan 28, 3:13 am, solidus <e.smolens...@gmail.com> wrote:
>
>
>
> > Hi all,
>
> > I'm new to appengine and somewhat new to web development. My question
> > is regarding proper ways to use sessions.
>
> > I'm currently messing around using the gaeutilities sessions module. I
> > have a basic login page and some content. The question is what is the
> > standard/best practice way to ensure that users aren't accessing parts
> > of your site (via direct URL) without first going through the login
> > screen?
>
> > Also, how does one go about deleting or clearing session data once the
> > user leaves the site without logging out first?
>
> > Thanks!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com
To unsubscribe from this group, send email to
google-appengine+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/google-appengine?hl=en
-~----------~----~----~----~------~----~------~--~---
