[Zope] Access Rule

Andrew R. Halko ahalko@insivia.com
Tue, 24 Jun 2003 12:14:30 -0400


Out of plain curiosity, how does it relate a "session" with a
user/browser.  Keeping track of IP address in Zope and relating them?

Andrew R. Halko

-----Original Message-----
From: Dylan Reinhardt [mailto:zope@dylanreinhardt.com] 
Sent: Tuesday, June 24, 2003 12:33 PM
To: Andrew R. Halko
Cc: zope@zope.org
Subject: Re: [Zope] Access Rule

On Tue, 2003-06-24 at 07:20, Andrew R. Halko wrote:
> I created an access rule in Plone, not the root and I need to find if
a
> user is logged in.  I was told that can't be done, 

Not without some work, anyway.  :-)

> but doesn't there
> have to be a something transferred between pages to tell if someone is
> logged in. 

Zope doesn't have the same notion of "logged in" and "sessions" that
other systems do.  Once you've authenticated, your authentication will
persist so long as you keep that browser open.  You remain "logged in"
even between server restarts.  I've maintained sessions like this for
weeks at a time; in theory you could stay logged in forever.

Knowing this, your question can be re-framed as "how can I check which
users have authenticated and/or used the system in the last X minutes?" 
You'll want to create some method that records a timestamp related to a
userid.  Call this method whenever a "session-maintaining" event (i.e.,
a login or request) takes place.  One way to do this would be to call
your "session" method in a header/footer method.  

Then create another method that can extract this information such that
you can determine which users have accessed the system recently and/or
check a specific user's currency.

There are any number of ways you can implement this... properties, an
RDBMS, a custom product... but that's the general approach I'd take.

HTH,

Dylan