[Zope] Sessions question

Chris McDonough chrism@zope.com
Thu, 15 Aug 2002 16:43:10 -0400


I'm sorry, I dont understand.  You don't need to check inactivity
(that's the responsibility of the session machinery).  You just need
to check for the availability of keys and values within the session.
This is what the SessionUserFolder implementation does.   Whether
someone is "logged in" or "logged out" is kept track of within his
session data object.  If the session data object expires, you assume
he has logged out.  Does this make sense?



----- Original Message -----
From: "List Subscriber @ Neurobs" <list_subscriber@neurobs.com>
To: "Chris McDonough" <chrism@zope.com>; <zope@zope.org>
Sent: Thursday, August 15, 2002 4:29 AM
Subject: Re: [Zope] Sessions question


> oook. :) well since sessions know nothing about authentication,
> therefore they dont know who created them and thus cant logout the
user
> who created them on expiry.
>
> so then how would one go about checking inactivity on part of a
user.
> for e.g.
>
> User logged in at t = 0 mins.
> A cookie is set that records the login time.
> user worked on the site and finished work at time t = x
> at time t = x+20 user times out and user is logged out.
>
> How do I implement the method that polls the system clock vs the
cookie
> set at logon vs last hit time (provided I record the last hit time
too
> (damn this is getting confusing!!!) )
>
> Can it even be done or am I just being wishful ???
>
> TIA
> AM
>
> Chris McDonough wrote:
>
> >Currently, sessions have nothing to do whatsoever with Zope
> >authentication, so there's no "right way" to do this short of
> >writing your own user folder implementation (or extending an
> >existing one).
> >
> >- C
> >
>
>