[mod_python] Session timeout

Jim Gallacher jpg at jgassociates.ca
Thu Nov 23 08:30:59 EST 2006 

Rubén da Silva wrote:
> Jim Gallacher wrote:
>> Rubén da Silva wrote:
>>
>>> I'm debugging an error:
>>>
>>>     * id: 80b5b4b9af0a2e710195bab30cc3c358
>>>     * is_new: False
>>>     * created: 1164195872.07
>>>     * last_accessed: 1164196137.86
>>>     * timeout: 3600
>>>
>>> i'm developing an application who uses Session for store user data 
>>> after users logins correctly,
>>>
>>> I use in every request after login:
>>> ses = Session.Session(req, timeout = out)
>>> This Session object is what i show you at mail head.
>>>
>>> Session stores correctly all data and detects is_new ok, BUT, session 
>>> expires in (created + timeout) time, NOT in (last_accessed + timeout) 
>>> time. Last_accessed as you can see, changes correctly, but after 
>>> timeout (3600s. - 1 Hr.) using the application, session is deleted an 
>>> users must login again.
>>>
>>> How can i correct this?
>>
>>
>> It is necessary to save the session object after each request so that 
>> last_accessed gets updated. Are you doing so?
>>
>> Jim
> 
> No, i only use save() first time user logins.
> But session.last_accessed changes in every request.

I gets updated in every request but you need to save the session for the 
value to persist.

The session cleanup is handled by a separate mechanism which reads the 
session data to retrieve the last_accessed value. Since you are not 
saving your session, last_accessed is not getting updated in the session 
store, and so your session is getting removed in the cleanup.

You always need to save your session.

Jim

More information about the Mod_python mailing list