[Zope] Session Timeout Troubles

Sale, Robin Robin.Sale at strus.com
Thu Jan 25 14:33:58 EST 2007


Dieter,

Thank you for your reply.

Originally there was a customer-driven need to have them as long as possible
for some time, but now there is a management need to make sessions as
short as possible to increase security.  My big concern is that my
predecessor may have done some serious deep-down hacking to make
sessions not time out until the browser is closed to stop the whining.
He's not around anymore and I'm not as much of an expert as him.

What I'm doing:
Visit a simple HTML page that has a link to a second ... all of which is
contained within a folder that requires an authenticated user to view. I go
to server:8080/page_path/page_name and have to log in. I do so, and see
the page. Now, I wait 20, 30, 45 minutes, even an hour and click on the
link to server:8080/page_path/page_name2. What I WANT to happen is to be
forced to provide my credentials if it's been sitting longer than 15
minutes. What IS happening is that I simply get the page. The zope.conf
is set with a session-timeout-minutes 15.

I've looked at the debugging page in the control panel, but it doesn't
tell me anything I recognize as useful.


=====================================
Robin Sale, Software Engineer
Specialized Technology Resources, Inc.
10 Water Street
Enfield CT 06082-4899 USA
robin.sale at strus.com


-----Original Message-----
From: zope-bounces at zope.org [mailto:zope-bounces at zope.org] On Behalf Of
Dieter Maurer
Sent: Thursday, January 25, 2007 1:28 PM
To: Sale, Robin
Cc: zope at zope.org
Subject: Re: [Zope] Session Timeout Troubles

Sale, Robin wrote at 2007-1-25 09:59 -0500:
> ...
>I've recently been asked to set the system so user sessions time out
>after 15 minutes of activity. I've changed the setting in our zope.conf
>file (the session timeout value) and restarted zope. However, if I open
>a page on the site that requires logon and log in, then leave the
>browser alone for 15 or 20 minutes or even an hour, when I click on a
>link, it doesn't force me to re-authenticate... it just works as
>normal.

I have never heard of such a behaviour -- and it is almost unbelievable.

In any such case (unbelievable behaviour), I always use a powerful
tool (the debugger in this case) to shed light into the behaviour.



-- 
Dieter