durusmail: quixote-users: more on sessions
more on sessions
2001-10-29
Quinn Dunkan
2001-10-29
Andrew Kuchling
2001-10-29
Quinn Dunkan
2001-10-29
Greg Ward
2001-10-29
Neil Schemenauer
2001-10-29
Greg Ward
more on sessions
Quinn Dunkan
2001-10-29
> On Mon, Oct 29, 2001 at 11:04:53AM -0800, Quinn Dunkan wrote:
> >Oh, and BTW, what *is* the official way to expire a session?  I did a
> >"del get_session_manager()[request.session.id]" (I mean, why else would it
> >provide a __delitem__?) and wondered why it kept coming back before I realiz
> ed
> >I needed to satisfy is_empty() for it to revoke the cookie.  So now I do
> >"session.user = session.actual_user = None" (yeah, I know, supposed to use t
> he
> >setters for that), but that seems too low-level, even though it works.
>
> Just calling SessionManager.revoke_session_cookie() will remove the
> cookie.  There isn't a function that both deletes the session and
> revokes the cookie; maybe revoke_session_cookie() should also do:
>
>       id = request.cookies.get(config.cookie_name)
>       if self.sessions.has_key(id):
>           del self.sessions[id]

Perhaps it should go in a seperate expire_session() method, since it's doing
more than just revoking a cookie (and is a higher-level operation).  Also,
other methods using it would probably depend on it not deleting the session.
It looks like only maintain_session() would be broken, but I don't know
whether revoke_ession_cookie() is meant to be part of the external protocol.
Since it has a doc string I assume it is?
reply