FYI: Regarding my last two questions: the expiration is set in auth.settings, but since I was using the session in memcache and the default_time_expire in memche is 300 seconds, what I think is happening is that the session in memcache is expiring, even though the session in auth.settings is not.
That means no data can be recovered from memcache for the session, and thus the session expires. I see several problems here: - the memcache session does not get updated, even though I am doing accesses (in this case @service.jsonrpc accesses). I mean, this key should be refreshed in memcache since I am accessing it (its ttl must be reset). Just reading the session is not enough: it must be updated too, otherwise it will expire! - auth.settings.expiration is not useful if the memcache time_expire is smaller - session.auth.last_visit does not get updated in @service.jsonrpc accesses Or maybe I am misunderstanding the expiration concept: it could be that only login actions are supposed to refresh the session. But this looks a bit strange to me: as long as the client is sending requests, the session should remain active! Whenever an *inactivity* (meaning, no requests at all) period longer than auth.settings.expiration has passed, the session should expire. Is this how things should work with the current implementation? On Tuesday, January 15, 2013 1:26:48 PM UTC+1, Daniel Gonzalez wrote: > > And even worse: I am setting, for testing: > > auth.settings.expiration = 3600 * 24 * 30 # one month > > But the session is expiring after 5 minutes anyway! What is happening here? > > On Tuesday, January 15, 2013 12:14:59 PM UTC+1, Daniel Gonzalez wrote: >> >> And a related question: my session is expiring after 5 minutes (300s). I >> am not setting the expiration time, and the default in >> Auth.default_settings.expiration is 3600. >> >> Where is the 300 coming from!?!? >> >> On Tuesday, January 15, 2013 11:57:03 AM UTC+1, Daniel Gonzalez wrote: >>> >>> Thanks Niphlod, >>> >>> I am now using: >>> >>> - session.auth.expiration >>> - session.auth.last_visit >>> >>> And I have realized about one (at least for me) unexpected thing: >>> accessing @service.jsonrpc controllers does not >>> reset session.auth.last_visit. Is this intended? >>> >>> On Tuesday, January 15, 2013 11:43:11 AM UTC+1, Niphlod wrote: >>>> >>>> session expiration is managed by auth.settings.expiration ... >>>> >>> --