[albatross-users] SessionAppContext handling session timeout / deleting.
Andrew McNamara
andrewm at object-craft.com.au
Thu Sep 13 09:16:07 EST 2007
>I'm revisiting this again. I've decided now that for the
>SessionExpired exception
>I would like to:
>
>1. remove the clients stale cookie (how?)
>2. redirect to or respond with the login page.
You could try setting the stale cookie's expiry time to "1970-1-1
00:00:01" (or any time in the past, really, but the unix "epoch" is
probably the safest). You'll probably also need to send a fresh cookie
at the same time.
>Do I still need to override handle_exception() to achieve this? Or is
>there a more canonical way? Having to override the handle_exception()
>method of the app seems a bit overblown since I'm reasonably happy with
>what it already does by default. It seems that I could just instantiate
>a new app context with the request object in __main__ and redirect() or
>is that not sensible/won't work?
Your other alternative is to wrap the load_session method. You could call
the base load_session, and if that raises SessionExpired, then catch it,
and call new_session() (the app should go to the start (login) page by
itself in this case).
Don't be worried about overloading Albatross methods - this is the way
it's meant to work. Rather than provide you with an all singing, all
dancing API that is hard to learn and still never quite does what you
want, Albatross provides you with some basic building blocks and lets
you assemble them however you want.
--
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/
More information about the Albatross-users
mailing list