[web2py] Re: sessions and logout
Thank you very much! Everything is clear to me now. On Saturday, January 4, 2014 7:48:34 PM UTC+1, Anthony wrote: - A session file is created associated to a user each time that user logs in. Is this ok? Yes, it is OK. - My users make a login through auth.login_bare(user, password), does this create a session file then? Yes. - What should be the code to remove the session file of a user when he/she makes a logout? The session filename is stored in response.session_filename, so you could do it in an onlogout callback. Perhaps we should make this the default whenever session.renew() is called (which happens by default when someone logs in or out), since the old file gets abandoned at that point. Maybe open an issue on Google Code and refer to this post. Also, there is a script you can use to periodically clean up the sessions: https://github.com/web2py/web2py/blob/master/scripts/sessions2trash.py - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? That won't affect the session. However, if you use the remember me option at login, then auth.settings.long_expiration will determine how long the session cookie remains valid (still won't have any effect on keeping/removing the session file itself, though). - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. A session file is created whenever a new visitor visits the site and anything is saved to the session (whether or not the user is logged in). Sessions are not used only for logged in users, but can be used for any visitor. If you navigate to a page with a form (e.g., the login or register pages), for example, the session will be used (to store the CSRF token) -- even if you don't actually submit the form. Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: sessions and logout
Hello Massimo, Thank you very much for your answer. I've made a copypaste of your code, my code is now: def logout(): if auth.user: auth.logout(logout_onlogout=lambda user: session.auth=None) but I get a invalid syntax error in line 154 char 61 trying to save the file: line 154 is auth.logout(logout_onlogout=lambda user: session.auth=None) and char 61 is '='. what am i doing wrong? On Saturday, January 4, 2014 3:38:06 AM UTC+1, Massimo Di Pierro wrote: No because auth.logout(next=...) redirects to he value of next. Next defaults to auth.settings.logout_next which is set to URL('index') What you want is: def logout(): auth.logout(logout_onlogout=lambda user: session.auth=None) On Friday, 3 January 2014 19:44:43 UTC-6, Wonton wrote: Hello everyone, Recently I suffered the problem with the number of session files growing very fast in my server. This worried me a lot because the server is a development environment with only 4 or 5 testers, so when the number of users is higher I guess I will have a big problem with this issue. I've tried to investigate about this but I'm not expert working with web2py or with servers, so I have some questions: - A session file is created associated to a user each time that user logs in. Is this ok? - My users make a login through auth.login_bare(user, password), does this create a session file then? - What should be the code to remove the session file of a user when he/she makes a logout? - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. Regarding to the logout problem I've seen that my logout method is as simple as this: def logout(): if auth.user: auth.log_event(auth.messages.logout_log, auth.user) session.auth = None I don't really make a logout of the user so I change my method to this: def logout(): if auth.user: print 'check 1' auth.logout() print 'check 2' session.auth = None But when this method is called, the output is this: check1 check 2 is never printed so, has the user actually make a logout? I know they are a lot of questions, but any kind of help will be very appreciated. Kind regards! -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: sessions and logout
Try: auth.logout(onlogout=lambda user: session.update({'auth':None})) On Saturday, 4 January 2014 05:56:23 UTC-6, Wonton wrote: Hello Massimo, Thank you very much for your answer. I've made a copypaste of your code, my code is now: def logout(): if auth.user: auth.logout(logout_onlogout=lambda user: session.auth=None) but I get a invalid syntax error in line 154 char 61 trying to save the file: line 154 is auth.logout(logout_onlogout=lambda user: session.auth=None)and char 61 is '='. what am i doing wrong? On Saturday, January 4, 2014 3:38:06 AM UTC+1, Massimo Di Pierro wrote: No because auth.logout(next=...) redirects to he value of next. Next defaults to auth.settings.logout_next which is set to URL('index') What you want is: def logout(): auth.logout(logout_onlogout=lambda user: session.auth=None) On Friday, 3 January 2014 19:44:43 UTC-6, Wonton wrote: Hello everyone, Recently I suffered the problem with the number of session files growing very fast in my server. This worried me a lot because the server is a development environment with only 4 or 5 testers, so when the number of users is higher I guess I will have a big problem with this issue. I've tried to investigate about this but I'm not expert working with web2py or with servers, so I have some questions: - A session file is created associated to a user each time that user logs in. Is this ok? - My users make a login through auth.login_bare(user, password), does this create a session file then? - What should be the code to remove the session file of a user when he/she makes a logout? - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. Regarding to the logout problem I've seen that my logout method is as simple as this: def logout(): if auth.user: auth.log_event(auth.messages.logout_log, auth.user) session.auth = None I don't really make a logout of the user so I change my method to this: def logout(): if auth.user: print 'check 1' auth.logout() print 'check 2' session.auth = None But when this method is called, the output is this: check1 check 2 is never printed so, has the user actually make a logout? I know they are a lot of questions, but any kind of help will be very appreciated. Kind regards! -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: sessions and logout
Is logout_onlogout= or onlogout=, both ways have no errors and I guess the logout has been made correctly. If I put again the prints: def logout(): if auth.user: print 'check 1' auth.logout(logout_onlogout=lambda user: session.update({'auth':None})) print 'check 2' check 2 doesn't appear, but I guess is because of what you said in your previous post, logout redirects automatically to index, so ok. I think my logout problem is solved, thak you very much again. If you don't mind I will write again my questions about sessions (I still have problems trying to understand how they work), just in case anyone has any clue about this: - A session file is created associated to a user each time that user logs in. Is this ok? - My users make a login through auth.login_bare(user, password), does this create a session file then? - What should be the code to remove the session file of a user when he/she makes a logout? - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. On Saturday, January 4, 2014 1:20:29 PM UTC+1, Massimo Di Pierro wrote: Try: auth.logout(onlogout=lambda user: session.update({'auth':None})) On Saturday, 4 January 2014 05:56:23 UTC-6, Wonton wrote: Hello Massimo, Thank you very much for your answer. I've made a copypaste of your code, my code is now: def logout(): if auth.user: auth.logout(logout_onlogout=lambda user: session.auth=None) but I get a invalid syntax error in line 154 char 61 trying to save the file: line 154 is auth.logout(logout_onlogout=lambda user: session.auth=None)and char 61 is '='. what am i doing wrong? On Saturday, January 4, 2014 3:38:06 AM UTC+1, Massimo Di Pierro wrote: No because auth.logout(next=...) redirects to he value of next. Next defaults to auth.settings.logout_next which is set to URL('index') What you want is: def logout(): auth.logout(logout_onlogout=lambda user: session.auth=None) On Friday, 3 January 2014 19:44:43 UTC-6, Wonton wrote: Hello everyone, Recently I suffered the problem with the number of session files growing very fast in my server. This worried me a lot because the server is a development environment with only 4 or 5 testers, so when the number of users is higher I guess I will have a big problem with this issue. I've tried to investigate about this but I'm not expert working with web2py or with servers, so I have some questions: - A session file is created associated to a user each time that user logs in. Is this ok? - My users make a login through auth.login_bare(user, password), does this create a session file then? - What should be the code to remove the session file of a user when he/she makes a logout? - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. Regarding to the logout problem I've seen that my logout method is as simple as this: def logout(): if auth.user: auth.log_event(auth.messages.logout_log, auth.user) session.auth = None I don't really make a logout of the user so I change my method to this: def logout(): if auth.user: print 'check 1' auth.logout() print 'check 2' session.auth = None But when this method is called, the output is this: check1 check 2 is never printed so, has the user actually make a logout? I know they are a lot of questions, but any kind of help will be very appreciated. Kind regards! -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: sessions and logout
it is either auth.settings.logout_onlogout = ... or auth.logout(onlogout= ...) As I answered in my previous response. logout always redirects so check2 will never be printed. On Saturday, 4 January 2014 06:32:39 UTC-6, Wonton wrote: Is logout_onlogout= or onlogout=, both ways have no errors and I guess the logout has been made correctly. If I put again the prints: def logout(): if auth.user: print 'check 1' auth.logout(logout_onlogout=lambda user: session.update({'auth':None})) print 'check 2' check 2 doesn't appear, but I guess is because of what you said in your previous post, logout redirects automatically to index, so ok. I think my logout problem is solved, thak you very much again. If you don't mind I will write again my questions about sessions (I still have problems trying to understand how they work), just in case anyone has any clue about this: - A session file is created associated to a user each time that user logs in. Is this ok? - My users make a login through auth.login_bare(user, password), does this create a session file then? - What should be the code to remove the session file of a user when he/she makes a logout? - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. On Saturday, January 4, 2014 1:20:29 PM UTC+1, Massimo Di Pierro wrote: Try: auth.logout(onlogout=lambda user: session.update({'auth':None})) On Saturday, 4 January 2014 05:56:23 UTC-6, Wonton wrote: Hello Massimo, Thank you very much for your answer. I've made a copypaste of your code, my code is now: def logout(): if auth.user: auth.logout(logout_onlogout=lambda user: session.auth=None) but I get a invalid syntax error in line 154 char 61 trying to save the file: line 154 is auth.logout(logout_onlogout=lambda user: session.auth=None)and char 61 is '='. what am i doing wrong? On Saturday, January 4, 2014 3:38:06 AM UTC+1, Massimo Di Pierro wrote: No because auth.logout(next=...) redirects to he value of next. Next defaults to auth.settings.logout_next which is set to URL('index') What you want is: def logout(): auth.logout(logout_onlogout=lambda user: session.auth=None) On Friday, 3 January 2014 19:44:43 UTC-6, Wonton wrote: Hello everyone, Recently I suffered the problem with the number of session files growing very fast in my server. This worried me a lot because the server is a development environment with only 4 or 5 testers, so when the number of users is higher I guess I will have a big problem with this issue. I've tried to investigate about this but I'm not expert working with web2py or with servers, so I have some questions: - A session file is created associated to a user each time that user logs in. Is this ok? - My users make a login through auth.login_bare(user, password), does this create a session file then? - What should be the code to remove the session file of a user when he/she makes a logout? - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. Regarding to the logout problem I've seen that my logout method is as simple as this: def logout(): if auth.user: auth.log_event(auth.messages.logout_log, auth.user) session.auth = None I don't really make a logout of the user so I change my method to this: def logout(): if auth.user: print 'check 1' auth.logout() print 'check 2' session.auth = None But when this method is called, the output is this: check1 check 2 is never printed so, has the user actually make a logout? I know they are a lot of questions, but any kind of help will be very appreciated. Kind regards! -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: sessions and logout
- A session file is created associated to a user each time that user logs in. Is this ok? Yes, it is OK. - My users make a login through auth.login_bare(user, password), does this create a session file then? Yes. - What should be the code to remove the session file of a user when he/she makes a logout? The session filename is stored in response.session_filename, so you could do it in an onlogout callback. Perhaps we should make this the default whenever session.renew() is called (which happens by default when someone logs in or out), since the old file gets abandoned at that point. Maybe open an issue on Google Code and refer to this post. Also, there is a script you can use to periodically clean up the sessions: https://github.com/web2py/web2py/blob/master/scripts/sessions2trash.py - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? That won't affect the session. However, if you use the remember me option at login, then auth.settings.long_expiration will determine how long the session cookie remains valid (still won't have any effect on keeping/removing the session file itself, though). - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. A session file is created whenever a new visitor visits the site and anything is saved to the session (whether or not the user is logged in). Sessions are not used only for logged in users, but can be used for any visitor. If you navigate to a page with a form (e.g., the login or register pages), for example, the session will be used (to store the CSRF token) -- even if you don't actually submit the form. Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: sessions and logout
No because auth.logout(next=...) redirects to he value of next. Next defaults to auth.settings.logout_next which is set to URL('index') What you want is: def logout(): auth.logout(logout_onlogout=lambda user: session.auth=None) On Friday, 3 January 2014 19:44:43 UTC-6, Wonton wrote: Hello everyone, Recently I suffered the problem with the number of session files growing very fast in my server. This worried me a lot because the server is a development environment with only 4 or 5 testers, so when the number of users is higher I guess I will have a big problem with this issue. I've tried to investigate about this but I'm not expert working with web2py or with servers, so I have some questions: - A session file is created associated to a user each time that user logs in. Is this ok? - My users make a login through auth.login_bare(user, password), does this create a session file then? - What should be the code to remove the session file of a user when he/she makes a logout? - I've set my auth.settings.expiration to 9, does this affect to sessions too? As far as I know it only affects to when an inactive user is automatically logged out, is this correct? - Testing this I've seen that with no logged users in my server, if I manually remove the sessions files, some of them are created again!! Why and how? As I said I have no users logged in the server. Regarding to the logout problem I've seen that my logout method is as simple as this: def logout(): if auth.user: auth.log_event(auth.messages.logout_log, auth.user) session.auth = None I don't really make a logout of the user so I change my method to this: def logout(): if auth.user: print 'check 1' auth.logout() print 'check 2' session.auth = None But when this method is called, the output is this: check1 check 2 is never printed so, has the user actually make a logout? I know they are a lot of questions, but any kind of help will be very appreciated. Kind regards! -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.