|
Jorey Bump
list at joreybump.com
Fri Oct 29 12:12:55 EDT 2004
Lukas Trejtnar wrote: > Thank you for the examples. I tried the latter and it worked exactly as > I wanted it to work. I reused this example in the PythonAuthenHandler > and it worked fine, also. Great, many thanks. No problem. I've been putting off learning more about sessions because I hate to use cookies. I'm glad you asked the question. If you get a chance, check the code with a variety of browsers. I get perfect results from the latest versions of IE and lynx. Mozilla 1.7.3 works, but only displays the realm name in the first login box. Subsequent logins identify the realm as "" (this may be a display bug, since the Live HTTP headers plugin clearly shows the realm name being sent from the server -- I'll have to do a proper sniff to see if there is any difference). Opera 7.54 begins the session, but returns an "internal communication error" instead of putting up a new login when the max time has elapsed. Both the session and authorization code work well standalone, but Opera doesn't like the way I combine them. > I'm a bit curious if it is possible to use session's native functions > for the same functionality instead of a reimplementation of the > session's timeout. My guess is that the timeout is really a server side housekeeping feature, since it doesn't affect the expiration date of the cookie. And the Session.last_accessed() always returns the current time (which is probably correct, but begs for the presence of Session.time_before_last_accessed()). I think Session.is_new() is meant to be used for initialization code, so destroying a user's session to gain this functionality seems less than optimum. I got all of my info here: http://www.modpython.org/live/current/doc-html/pyapi-sess-classes.html but it's a bit terse. Does anyone have an URL for the underlying apache session documentation? I can't find it, and the mod_usertrack page is pretty lean.
|