Hi, I'm using web2py locally, v. 1.93.2, win 7, postgres.
With respect to login expiration (without using 'remember me'), isn't it applied/validated only after a period of inactivity (e.g. after the default 1 hour) _after_ the last active web request?. Shoudn't the base expiration date/time (session.auth.last_visit) be reset after every web request, such that the user is not suddenly logout as long as he remains 'active'?. I thought this was the current behavior, after checking Auth.__init__ in tools.py, where the following is executed: auth.last_visit = request.now But for some reason that does not get saved in the session, because for every request after login, I can see that session.auth.last_visit remains unchanged, with the original date/time that was set at login (regardless of the subsequent web requests), which affects the login expiration process. Is it only me or is anyone else having this problem too?. Thanks, Carlos
