Best way to clean up "logged-out" sessions immly

Hi,

'am running CP2.2.1 (TG1.0b1) with Digest/Basic Auth.
Since there is standards based way to tell the browser
to "cleanup auth info of the logged-in session", I
was
hoping to use session info on the server side to enforce
logged-out sessions.

As soon as a user explicitely logs-out of the app, how can
implement immediate (ie, force the start of a new cleanup
thread right aways) session data cleanup. That ways, if the
users tries to access a page again after a logout, I can
at least check to see if the session info is gone - and if
its gone, can redirect the user to a new login.

Thanks,
/venkat


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en

-~----------~----~----~----~------~----~------~--~---

"venkatbo" <achari77gmail.com> writes:

> Hi,
>
> 'am running CP2.2.1 (TG1.0b1) with Digest/Basic Auth.
> Since there is standards based way to tell the browser
> to "cleanup auth info of the logged-in
session", I was
> hoping to use session info on the server side to
enforce
> logged-out sessions.
>
> As soon as a user explicitely logs-out of the app, how
can
> implement immediate (ie, force the start of a new
cleanup
> thread right aways) session data cleanup. That ways, if
the
> users tries to access a page again after a logout, I
can
> at least check to see if the session info is gone - and
if
> its gone, can redirect the user to a new login.

You can explicitly start a new thread to do that in your
logout method...
There you can do the cleanup or start a new thread/process
to do that and
return immediately to the user.

Take a look at the identity code and the logout controller.

-- 
Jorge Godoy      <jgodoygmail.com>

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en

-~----------~----~----~----~------~----~------~--~---

> Take a look at the identity code and the logout
controller.

Thanks Jorge.

I'm presuming you meant that I should look at the
s?provider.py
files under identity. Actually, in my TG-app, I'm not using
a db,
and hence 'am not using the identity modules. Nevertheless,
I
looked at the (two) providers for SO & SA, but could not
find the
kind of low level details I was hoping to find in CP's
sessionfilter.

Basically, I think what needs to happen when my
"logout" in the
root ctrlr is invoked, is that I should somehow be able to
trigger
the "termination" and "clean_up" of my
session, in the lines of
what is done in sessionfiler - but needs to be triggered
asap
(via a thread possibly). I was hoping to find hi-level api's
to
"mark" the end of a session and ensure it is
"cleaned_up"
asap. That way's if the users tries to re-access a url, I
have
a good chance of redirecting them to a login...

Is the option to create a "output filter" in the
lines of sessionfilter
so the clean up happens rightaways, rather than wait for the
"previously determined expiration time" to be met.

Thanks much,
/venkat


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en

-~----------~----~----~----~------~----~------~--~---