Some of the information here may be outdated, please check the book instead

Timeout depends on user's parameters:

  • the timeout time
  • what happens on timeout.

Sessions should never expire because they can be used for tracking, not just authentication. Nevertheless, on timeout, the user should be logged out. How the user is logged out/in is very application specific. I suggest you create a model file called models/timeout.py that contains

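# request, session and redirect are provided by web2py in model files
import time
TIMEOUT = 30*60 # seconds
# the logout URL itself is exempt from the check, otherwise the redirect would loop
PATH_ON_TIMEOUT = '/%s/default/logout' % request.application
if session.lastrequest and session.lastrequest < time.time()-TIMEOUT and request.env.path_info != PATH_ON_TIMEOUT:
    # optional if you don't care about tracking usage: session.clear()
    redirect(PATH_ON_TIMEOUT)
# record the time of this request (not reached when redirect() fires)
session.lastrequest = time.time()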

and create a controller default/logout that performs the logout. I do not think you need more.
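The same idle check can be replayed outside web2py to see how it behaves across a timeout. The following is an added example, not code from the original page: the session is a plain dict, and the application name "myapp", the `visits` counter, the `clear` flag and the function names are assumptions made for illustration.

```python
import time

TIMEOUT = 30 * 60                          # idle limit in seconds, as on the page
PATH_ON_TIMEOUT = '/myapp/default/logout'  # "myapp" is an assumed application name


def check_idle(session, path, now=None, clear=False):
    """Return the redirect target on idle timeout, or None to continue.

    session is a plain dict standing in for web2py's session object.
    """
    now = time.time() if now is None else now
    last = session.get('lastrequest')
    expired = last is not None and last < now - TIMEOUT
    if expired and path != PATH_ON_TIMEOUT:
        if clear:
            session.clear()   # also discards tracking data
        # lastrequest is not refreshed, as when redirect() aborts the model
        return PATH_ON_TIMEOUT
    session['lastrequest'] = now
    return None


def replay(requests, clear=False):
    """Feed constructed (timestamp, path) pairs through one session."""
    session = {'visits': 0}   # constructed tracking counter
    targets = []
    for now, path in requests:
        target = check_idle(session, path, now, clear)
        if target is None:
            session['visits'] = session.get('visits', 0) + 1
        targets.append(target)
    return targets, session


# Constructed request log: two active hits, a long idle gap, then the logout hit.
SAMPLE = [
    (1000, '/myapp/default/index'),
    (2799, '/myapp/default/index'),
    (4600, '/myapp/default/index'),   # 1801 s idle: times out
    (4601, PATH_ON_TIMEOUT),          # exempt path, so no redirect loop
    (4602, '/myapp/default/index'),
]

if __name__ == '__main__':
    print(replay(SAMPLE))
    print(replay(SAMPLE, clear=True))
```

Without `clear`, the stale `lastrequest` survives the redirect, so only the path exemption lets the logout request through; with `clear`, the visit counter restarts after the timeout.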

© 2008-2010 by Massimo Di Pierro - All rights reserved
The content of this book is released under the Artistic License 2.0 - Modified content cannot be reproduced.