RE: [Zope] Session Timeout Troubles
Thank you for your reply.

I'm guessing that yes, Zope is using session cookies in this setup. Unfortunately, the people who did the original configuration and setup are no longer with my company, so I can't ask directly. How would I be able to tell if it's set one way or another? I certainly see nothing about cookie auth in the zope.conf file. (I'm hitting the Zope server directly (not going through our Apache front-end) to make sure I'm only dealing with a Zope issue.)

Thanks Again,
Robin

Robin Sale, Software Engineer
Specialized Technology Resources, Inc.
10 Water Street
Enfield CT 06082-4899 USA
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maciej Wisniowski
Sent: Thursday, January 25, 2007 3:22 PM
To: Sale, Robin
Cc: zope@zope.org
Subject: Re: [Zope] Session Timeout Troubles

> I've looked at the debugging page in the control panel, but it doesn't
> tell me anything I recognize as useful.

Are you sure that your authentication uses session? Maybe it uses cookies? Try to set variable in the session on one page and display this on the other one. Then wait for 15-20 minutes and see what happens.

Another thing that may cause this is session-resolution-seconds setting in your zope.conf - this affects session timeout value.

--
Maciej Wisniowski
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Session Timeout Troubles
Dieter,

Thank you for your reply.

Originally there was a customer-driven need to have them as long as possible for some time, but now there is a management need to make sessions as short as possible to increase security. My big concern is that my predecessor may have done some serious deep-down hacking to make sessions not time out until the browser is closed to stop the whining. He's not around anymore and I'm not as much of an expert as him.

What I'm doing: Visit a simple HTML page that has a link to a second ... all of which is contained within a folder that requires an authenticated user to view.

I go to server:8080/page_path/page_name and have to log in. I do so, and see the page. Now, I wait 20, 30, 45 minutes, even an hour and click on the link to server:8080/page_path/page_name2.

What I WANT to happen is to be forced to provide my credentials if it's been sitting longer than 15 minutes. What IS happening is that I simply get the page.

The zope.conf is set with a session-timeout-minutes 15.

I've looked at the debugging page in the control panel, but it doesn't tell me anything I recognize as useful.

Robin Sale, Software Engineer
Specialized Technology Resources, Inc.
10 Water Street
Enfield CT 06082-4899 USA
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dieter Maurer
Sent: Thursday, January 25, 2007 1:28 PM
To: Sale, Robin
Cc: zope@zope.org
Subject: Re: [Zope] Session Timeout Troubles

Sale, Robin wrote at 2007-1-25 09:59 -0500:
> ...
>I've recently been asked to set the system to user sessions time out
>after 15 minutes of activity. I've changed the setting in our zope.conf
>file (the session timeout value) and restarted zope. However, if I open
>a page on the site that requires logon and log in, then leave the
>browser alone for 15 or 20 minutes or even an hour, when I click on a
>link, it doesn't force me to re-authenticate... it just works as normal.

I have never heard of such a behaviour -- and it is almost unbelievable.

In any such case (unbelievable behaviour), I always use a powerful tool (the debugger in this case) to shed light into the behaviour.

--
Dieter
RE: [Zope] Session Timeout Troubles
Andreas, thank you for replying.

Actually, the problem I have is the reverse - the sessions NEVER seem to time out. I have a directive from up on high to make it so that 15 minutes of inactivity within any location on the site (All of which is password protected under acl_users or acl_users(group aware) setup.) It seems like no matter what I do to the session-timeout-minutes value in zope.conf, as long as the user keeps their browser open, they can continue to use the site even if they are idle for an hour or more...

I have the session-timeout-minutes set to 15 and have set the session-resolution-seconds value to 20 seconds as well and restarted Zope and yet it seems to not make a difference.

Thank you,
Robin

Robin Sale, Software Engineer
Specialized Technology Resources, Inc.
10 Water Street
Enfield CT 06082-4899 USA
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Jung
Sent: Thursday, January 25, 2007 10:08 AM
To: Sale, Robin; zope@zope.org
Subject: Re: [Zope] Session Timeout Troubles

--On 25. Januar 2007 09:59:44 -0500 "Sale, Robin" <[EMAIL PROTECTED]> wrote:

> Hi,
>
> We're using Zope 2.8.8 with a bunch of client sites set up in various
> sub directories / databases. We're using ZEO for the database storage
> and a local zodb file for the temporary data.
>
> I've recently been asked to set the system to user sessions time out
> after 15 minutes of activity. I've changed the setting in our zope.conf
> file (the session timeout value) and restarted zope. However, if I open
> a page on the site that requires logon and log in, then leave the
> browser alone for 15 or 20 minutes or even an hour, when I click on a
> link, it doesn't force me to re-authenticate... it just works as normal.

You can configure the session timeout and the max. number of session objects. Perhaps you have more user sessions than configured so some sessions might be deleted before the timeout?

Andreas
[Zope] Session Timeout Troubles
Hi,

We're using Zope 2.8.8 with a bunch of client sites set up in various sub directories / databases. We're using ZEO for the database storage and a local zodb file for the temporary data.

I've recently been asked to set the system to user sessions time out after 15 minutes of activity. I've changed the setting in our zope.conf file (the session timeout value) and restarted zope. However, if I open a page on the site that requires logon and log in, then leave the browser alone for 15 or 20 minutes or even an hour, when I click on a link, it doesn't force me to re-authenticate... it just works as normal.

I'm hoping someone could tell me if there's other stuff I need to do to make the session time out and force reauthentication at the server level (rather than having to add code to every user site, as we have over 500 different ones and I'm not sure there's something common enough for me to hook into if I have to alter code on the sites themselves to enable this).

It's okay if I get back a response that it can't be done, but I have to be able to provide my boss with a definitive answer.

Thank You,
Robin Sale

Robin Sale, Software Engineer
Specialized Technology Resources, Inc.
10 Water Street
Enfield CT 06082-4899 USA
[EMAIL PROTECTED]
ICQ: 190327116
+1 860 749-8371 Ext. 336 Telephone
+1 860 749-9158 Fax
RE: [Zope] CopyError NoData
Dieter,

Ah HAH!... Blowing out cookies and temporary internet files on the affected browsers and restarting the Apache server that we use to front-end our Zope instances seems to have fixed it.

Thank you for your response, as you have surely saved me a trip to the loony bin.

Cheers,
Robin

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dieter Maurer
Sent: Wednesday, November 22, 2006 2:08 PM
To: Sale, Robin
Cc: zope@zope.org
Subject: Re: [Zope] CopyError NoData

Sale, Robin wrote at 2006-11-21 12:39 -0500:
>Anyone ever had or heard of this problem??
>
>Trying to copy and then paste any object using the ZMI results in a
>CopyError where the message is that there was no data (CopyError,
>eNoData). This is on a server that was working fine yesterday. There are
>no error message logs except the standard traceback for the CopyError
>when performing the paste (in other words, the copy did not raise any
>flags)

The objects to be copied are maintained in a cookie. If cookies are disabled or discarded, the behaviour is exactly as you describe it.

--
Dieter