suggestion for variable session timeouts

I'm trying to add some typical functionality for variable
length
session timeouts for a login page. Selecting a
"remember me" checkbox
would make the session last longer than the default value.

So far, I've made a subclass of Session, where its _save()
method
persists the timeout attribute to the database, and the
_load() method
also sets it from the db. This allows per-user timeout
values, instead
of a single application-wide value. So from a handler, I can
then
write:

cherrypy.session.timeout = 43200  # 30 days

The problem I'm having is that there's no way (um, is
there?) to
programmatically set the session cookie's expiration value
also. I
want to adjust this to match the session timeout.

In sessions.py, init() is where the cookie parameters get
set.
SessionTool hooks init() into
"before_request_body," so the session
cookie gets set before the handler runs.

The workaround is to have the cookie expiration set to a
high value,
>=  all possible session timeout values. But does it make
sense,
perhaps in 3.1, to move the cookie generation code into
save(), or an
entirely separate function that also gets called at
"before_finalize"?
At that point, the cookie expiration date could then be
calculated
based on Session state, which may or may not have changed
during the
handler.

I'd be grateful also if anyone knows of a better way...

Jeff


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at h
ttp://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Could you just store the expiration date in the session?
That way, each time you load a request, you could check
the date, and puff the session yourself if it has expired.



On 10/14/07, jeffcodefork <jeffcodefork.com> wrote:
>
> I'm trying to add some typical functionality for
variable length
> session timeouts for a login page. Selecting a
"remember me" checkbox
> would make the session last longer than the default
value.
>
> So far, I've made a subclass of Session, where its
_save() method
> persists the timeout attribute to the database, and the
_load() method
> also sets it from the db. This allows per-user timeout
values, instead
> of a single application-wide value. So from a handler,
I can then
> write:
>
> cherrypy.session.timeout = 43200  # 30 days
>
> The problem I'm having is that there's no way (um, is
there?) to
> programmatically set the session cookie's expiration
value also. I
> want to adjust this to match the session timeout.
>
> In sessions.py, init() is where the cookie parameters
get set.
> SessionTool hooks init() into
"before_request_body," so the session
> cookie gets set before the handler runs.
>
> The workaround is to have the cookie expiration set to
a high value,
> >=  all possible session timeout values. But does it
make sense,
> perhaps in 3.1, to move the cookie generation code into
save(), or an
> entirely separate function that also gets called at
"before_finalize"?
> At that point, the cookie expiration date could then be
calculated
> based on Session state, which may or may not have
changed during the
> handler.
>
> I'd be grateful also if anyone knows of a better
way...
>
> Jeff
>
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at h
ttp://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---