[albatross-users] SessionFileAppMixin has no session_age
Andrew McNamara
andrewm at object-craft.com.au
Wed Jan 29 09:52:18 EST 2003
>I was actually looking for a way to make the sessions last longer.
>Wouldn't it just be a matter of turning up the expire time on the cookie?
>
>I pretty much want to make it so that if someone logs into my site, and
>clicks the 'remember me' button it does just that and lets them log in.
>Say it keeps the session for about a week.
Ah! Currently we set no "Max-Age" on the cookie, so it lasts until the
user closes the browser. So, yes, setting an explicit Max-Age would help
in your application, and the SessionFile mixin in perfect, as the sessions
are persistent (the SessionServer's sessions are stored in memory, so if
the server is restarted, they are lost - this will be rectified one day,
but should be considered a "feature" until them... 8-).
The problem is, we don't expose the cookie machinery to the application. If
you look in sessionfile.py, SessionFileContextMixin, you'll see how we're
setting the cookie. You could sub-class and replace load_session with a
version that sets the max-age on the resulting cookie.
We need to put some thought into making the cookie available to the
developer.
--
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/
More information about the Albatross-users
mailing list