[Zope] Session expiration and concurrent same user access control.

Felipe Barousse Boue fbarousse@piensa.com
06 May 2003 10:33:31 -0500

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


We are currently using CookieCrumbler as the authentication method for
an application.  It all works fine so far.

Nevertheless, we are interested in implementing session expirations,
we'd like to set a property somewhere in the application tree with the
number of inactivity minutes when the "session" would expire after the
user has not done anything within that period.

The question is: what is the best approach to perform this "session
expiration" feature ? =20

As far as I am aware, CookieCrumbler does not natively supports this,
except of course, coding a bit more to programatically expire
CookieCrumbler's session cookies, but this could potentially create
other issues....

The second question is:  there is also the need to control that users do
not access the system with one account more than once at a time. (i.e.
that an account is not used by more than one user at a time).  Again,
what would be the advise in this subject ?

Both requirements (expirations and "only one login at a time") are for
the same application that currently uses CookieCrumbler.

I have seen many different UserFolders and Session products for Zope,
some have a rather old release dates and before embarking into an
adventure with some of this products, I'd like to get some feedback from
the Zope community.

Your advise is well appreciated, thanks in advance. !


Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org