List Info

Thread: special session-time usecase
special session-time usecase
country flaguser name
Germany		 2007-05-02 12:29:58 
Hi all,

I use django.contrib.sessions with
SESSION_EXPIRE_AT_BROWSER_CLOSE=True.

I need a way to expire a session on certain amount of time
of inactivity in the browser. 

Each new request to django should retrigger the expire
time.

Is there a possibility to modifiy the session module or
build a middleware which does this ?

Regards,
Dirk
-- 
"Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat
...
Jetzt GMX TopMail testen: http://www.gmx.net/d
e/go/topmail

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Re: special session-time usecase
country flaguser name
United States		 2007-05-31 11:54:05 
I also need to implement this type of feature.  Did you find
anything
on this?

On May 2, 12:29 pm, d...habmalnefrage.de wrote:
> Hi all,
>
> I use django.contrib.sessions with
SESSION_EXPIRE_AT_BROWSER_CLOSE=True.
>
> I need a way toexpireasessionon certain amount of time
of inactivity in the browser.
>
> Each new request to django should retrigger
theexpiretime.
>
> Is there a possibility to modifiy thesessionmodule or
build a middleware which does this ?
>
> Regards,
> Dirk
> --
> "Feel free" - 10 GB Mailbox, 100
FreeSMS/Monat ...
> Jetzt GMX TopMail testen:http://www.gmx.net/d
e/go/topmail


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Re: special session-time usecase
country flaguser name
United States		 2007-05-31 12:07:40 
Why not store a parameter in the session indicating when it
was last
saved.  On each page load, first check that parameter and if
it's too
long ago, discard the session and begin a new one.  Then
update the
parameter with the current time.

You may need middleware to accomplish this, but it ought to
be
extremely simple to implement.  It won't get rid of the
actual cookies
if the user doesn't return, but it will take care of
session
expiration, and the old cookies shouldn't matter, since they
contain
no session data except the ID, which you're invalidating
after a
certain amount of time anyway.


On May 31, 12:54 pm, tyman26 <twen...vltool.com> wrote:
> I also need to implement this type of feature.  Did you
find anything
> on this?
>
> On May 2, 12:29 pm, d...habmalnefrage.de wrote:
>
> > Hi all,
>
> > I use django.contrib.sessions with
SESSION_EXPIRE_AT_BROWSER_CLOSE=True.
>
> > I need a way toexpireasessionon certain amount of
time of inactivity in the browser.
>
> > Each new request to django should retrigger
theexpiretime.
>
> > Is there a possibility to modifiy thesessionmodule
or build a middleware which does this ?
>
> > Regards,
> > Dirk
> > --
> > "Feel free" - 10 GB Mailbox, 100
FreeSMS/Monat ...
> > Jetzt GMX TopMail testen:http://www.gmx.net/d
e/go/topmail


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Re: special session-time usecase
country flaguser name
United States		 2007-05-31 13:21:11 
I see what you are saying, but I want the user to be
automatically
logged out after a period of inactivity for security
purposes.

1)  Do you mean I would check the last time they saved and
then
compare it with a time limit everytime they alter a
session?
2)  If the time limit has been surpassed, would I disallow
the
transaction and then log them out?

I was hoping there was another way where somehow the system
would
check constantly and expire old sessions and cookies
automatically.
I'm still unsure how something could sit in the background
and check
every minute, not  sure if its even possible.


On May 31, 12:07 pm, ringemup <ringe...gmail.com> wrote:
> Why not store a parameter in the session indicating
when it was last
> saved.  On each page load, first check that parameter
and if it's too
> long ago, discard the session and begin a new one. 
Then update the
> parameter with the current time.
>
> You may need middleware to accomplish this, but it
ought to be
> extremely simple to implement.  It won't get rid of the
actual cookies
> if the user doesn't return, but it will take care of
session
> expiration, and the old cookies shouldn't matter, since
they contain
> no session data except the ID, which you're
invalidating after a
> certain amount of time anyway.
>
> On May 31, 12:54 pm, tyman26 <twen...vltool.com> wrote:
>
> > I also need to implement this type of feature. 
Did you find anything
> > on this?
>
> > On May 2, 12:29 pm, d...habmalnefrage.de wrote:
>
> > > Hi all,
>
> > > I use django.contrib.sessionswith
SESSION_EXPIRE_AT_BROWSER_CLOSE=True.
>
> > > I need a way toexpireasessionon certain
amount of time of inactivity in the browser.
>
> > > Each new request to django should retrigger
theexpiretime.
>
> > > Is there a possibility to modifiy
thesessionmodule or build a middleware which does this ?
>
> > > Regards,
> > > Dirk
> > > --
> > > "Feel free" - 10 GB Mailbox, 100
FreeSMS/Monat ...
> > > Jetzt GMX TopMail testen:http://www.gmx.net/d
e/go/topmail


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Re: special session-time usecase
country flaguser name
United States		 2007-05-31 13:39:26 
> I see what you are saying, but I want the user to be
automatically
> logged out after a period of inactivity for security
purposes.

Yes, this accomplishes that.

> 1)  Do you mean I would check the last time they saved
and then
> compare it with a time limit everytime they alter a
session?

Yes, basically, except that you're setting a session
parameter on
every page load, which is what you're checking against,
rather than
against the last time the user saved something.

> 2)  If the time limit has been surpassed, would I
disallow the
> transaction and then log them out?

Yes.

> I was hoping there was another way where somehow the
system would
> check constantly and expire old sessions and cookies
automatically.
> I'm still unsure how something could sit in the
background and check
> every minute, not  sure if its even possible.

Why would you need to actively cause them to expire, as long
as
they're refused when someone tries to accomplish something
with them?
If you log the user out upon any request after the
expiration time,
you get the same effect.  The session becomes an expired
session
whether or not you delete the cookie, and whether or not the
user ever
returns to the site.  Not sure if I'm explaining this
clearly.

In pseudo-code...

on every request:
  if (session['last_activity'] > (now - 30min)):
    user.logout()
    session.destroy()
    session.create()
    session['last_activity'] = now
    redirect('/login_url')
  else:
    session['last_activity'] = now
    execute_requested_view()


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Re: special session-time usecase
country flaguser name
United States		 2007-05-31 14:14:24 
That makes a lot more sense to me now, thanks for the
explanation!
The only thing that worries me is repetition.  It seems like
it would
get very repetitive implementing this inside every view in
the entire
project.  Is there somewhere else you can check everytime a
request is
made?


On May 31, 1:39 pm, ringemup <ringe...gmail.com> wrote:
> > I see what you are saying, but I want the user to
be automatically
> > logged out after a period of inactivity for
security purposes.
>
> Yes, this accomplishes that.
>
> > 1)  Do you mean I would check the last time they
saved and then
> > compare it with a time limit everytime they alter
a session?
>
> Yes, basically, except that you're setting a session
parameter on
> every page load, which is what you're checking against,
rather than
> against the last time the user saved something.
>
> > 2)  If the time limit has been surpassed, would I
disallow the
> > transaction and then log them out?
>
> Yes.
>
> > I was hoping there was another way where somehow
the system would
> > check constantly and expire old sessions and
cookies automatically.
> > I'm still unsure how something could sit in the
background and check
> > every minute, not  sure if its even possible.
>
> Why would you need to actively cause them to expire, as
long as
> they're refused when someone tries to accomplish
something with them?
> If you log the user out upon any request after the
expiration time,
> you get the same effect.  The session becomes an
expired session
> whether or not you delete the cookie, and whether or
not the user ever
> returns to the site.  Not sure if I'm explaining this
clearly.
>
> In pseudo-code...
>
> on every request:
>   if (session['last_activity'] > (now - 30min)):
>     user.logout()
>     session.destroy()
>     session.create()
>     session['last_activity'] = now
>     redirect('/login_url')
>   else:
>     session['last_activity'] = now
>     execute_requested_view()


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Re: special session-time usecase
country flaguser name
United States		 2007-05-31 14:39:15 


On May 31, 3:14 pm, tyman26 <twen...vltool.com> wrote:
> That makes a lot more sense to me now, thanks for the
explanation!
> The only thing that worries me is repetition.  It seems
like it would
> get very repetitive implementing this inside every view
in the entire
> project.  Is there somewhere else you can check
everytime a request is
> made?

I'm pretty certain that that's what middleware does.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
Re: special session-time usecase
country flaguser name
United States		 2007-05-31 15:39:47 
Ok, I just read into middleware a bit more and I see the
possibilities
now.  I'm going to attempt to write this and I'll post the
results
once I'm done.  This seems like something people might want
at their
disposal.  Thanks for the assistance.


ringemup wrote:
> On May 31, 3:14 pm, tyman26 <twen...vltool.com> wrote:
> > That makes a lot more sense to me now, thanks for
the explanation!
> > The only thing that worries me is repetition.  It
seems like it would
> > get very repetitive implementing this inside every
view in the entire
> > project.  Is there somewhere else you can check
everytime a request is
> > made?
>
> I'm pretty certain that that's what middleware does.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
[1-8]

about | contact  Other archives ( Real Estate discussion Medical topics )