durusmail: quixote-users: more on sessions
more on sessions
2001-10-29
2001-10-29
2001-10-29
2001-10-29
2001-10-29
more on sessions
Andrew Kuchling
2001-10-29
On Mon, Oct 29, 2001 at 11:04:53AM -0800, Quinn Dunkan wrote:
>Oh, and BTW, what *is* the official way to expire a session?  I did a
>"del get_session_manager()[request.session.id]" (I mean, why else would it
>provide a __delitem__?) and wondered why it kept coming back before I realized
>I needed to satisfy is_empty() for it to revoke the cookie.  So now I do
>"session.user = session.actual_user = None" (yeah, I know, supposed to use the
>setters for that), but that seems too low-level, even though it works.

Just calling SessionManager.revoke_session_cookie() will remove the
cookie.  There isn't a function that both deletes the session and
revokes the cookie; maybe revoke_session_cookie() should also do:

        id = request.cookies.get(config.cookie_name)
        if self.sessions.has_key(id):
            del self.sessions[id]

Greg, Neil: what do you think?

--amk



reply