[Zope] Session expiration and concurrent same user access control.

Felipe Barousse Boue fbarousse@piensa.com
06 May 2003 10:33:31 -0500


--=-EAdNxdUNnHYZ4rcNziAY
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello:

We are currently using CookieCrumbler as the authentication method for
an application.  It all works fine so far.

Nevertheless, we are interested in implementing session expirations,
we'd like to set a property somewhere in the application tree with the
number of inactivity minutes when the "session" would expire after the
user has not done anything within that period.

The question is: what is the best approach to perform this "session
expiration" feature ? =20

As far as I am aware, CookieCrumbler does not natively supports this,
except of course, coding a bit more to programatically expire
CookieCrumbler's session cookies, but this could potentially create
other issues....


The second question is:  there is also the need to control that users do
not access the system with one account more than once at a time. (i.e.
that an account is not used by more than one user at a time).  Again,
what would be the advise in this subject ?

Both requirements (expirations and "only one login at a time") are for
the same application that currently uses CookieCrumbler.

I have seen many different UserFolders and Session products for Zope,
some have a rather old release dates and before embarking into an
adventure with some of this products, I'd like to get some feedback from
the Zope community.

Your advise is well appreciated, thanks in advance. !

Felipe



--=-EAdNxdUNnHYZ4rcNziAY
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA+t9XKLAvKgbXVX78RAlfvAKCK8muCX1hgAvDN4PsyAk8S5OTjCgCeLB96
lSO3mh1NZA1CHOLsLKbJSdQ=
=0EPL
-----END PGP SIGNATURE-----

--=-EAdNxdUNnHYZ4rcNziAY--