Teapot session
Locked
 
|
Does Teapot's (ZnRequest's?) session ever expire? What is the expiry period?
I can't find where it's specified or configured. |
|
|
Teapot is a layer on zinc so you may check the Zinc chapters (I do not
know if this is there). On Mon, Jun 19, 2017 at 1:42 AM, horrido <[hidden email]> wrote: > Does Teapot's (ZnRequest's?) session ever expire? What is the expiry period? > > I can't find where it's specified or configured. > > > > > -- > View this message in context: http://forum.world.st/Teapot-session-tp4951845.html > Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com. > |
|
|
If you are talking about ZnServerSessions, the ones returned from ZnRequest>>#session, then the answer is that they are eligible for expiration and cleanup after 1 hour (see ZnServerSession>>#isValid). Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the expiration time is a fixed constant.
> On 19 Jun 2017, at 08:08, Stephane Ducasse <[hidden email]> wrote: > > Teapot is a layer on zinc so you may check the Zinc chapters (I do not > know if this is there). > > > On Mon, Jun 19, 2017 at 1:42 AM, horrido <[hidden email]> wrote: >> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry period? >> >> I can't find where it's specified or configured. >> >> >> >> >> -- >> View this message in context: http://forum.world.st/Teapot-session-tp4951845.html >> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com. >> > |
|
|
I've added an attribute to the session called #user...
req session attributeAt: #user ifAbsentPut: user This is used to determine if I'm logged in. On logout, I would like to remove this attribute, but I can't figure out how to do it. Suggestion?
|
|
|
> On 19 Jun 2017, at 15:40, horrido <[hidden email]> wrote: > > I've added an attribute to the session called #user... > > req session attributeAt: #user ifAbsentPut: user > > This is used to *determine if I'm logged in*. On logout, I would like to > *remove* this attribute, but I can't figure out how to do it. Suggestion? req session removeAttribute: #user > Sven Van Caekenberghe-2 wrote >> If you are talking about ZnServerSessions, the ones returned from >> ZnRequest>>#session, then the answer is that they are eligible for >> expiration and cleanup after 1 hour (see ZnServerSession>>#isValid). >> Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the >> expiration time is a fixed constant. >> >>> On 19 Jun 2017, at 08:08, Stephane Ducasse < > >> stepharo.self@ > >> > wrote: >>> >>> Teapot is a layer on zinc so you may check the Zinc chapters (I do not >>> know if this is there). >>> >>> >>> On Mon, Jun 19, 2017 at 1:42 AM, horrido < > >> horrido.hobbies@ > >> > wrote: >>>> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry >>>> period? >>>> >>>> I can't find where it's specified or configured. >>>> >>>> >>>> >>>> >>>> -- >>>> View this message in context: >>>> http://forum.world.st/Teapot-session-tp4951845.html >>>> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com. >>>> >>> > > > > > > -- > View this message in context: http://forum.world.st/Teapot-session-tp4951845p4951905.html > Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com. |
|
|
Interesting. Auto-complete doesn't show #removeAttribute: as an option.
Another question: After I've logged out, I can still click on Backpage in the browser to get to a page that should no longer be authorized. Is there a way to prevent this? Is there a way to invalidate the page?
|
|
|
> On 19 Jun 2017, at 17:11, horrido <[hidden email]> wrote: > > Interesting. Auto-complete doesn't show #removeAttribute: as an option. > > Another question: After I've logged out, I can still click on Backpage in > the browser to get to a page that should no longer be authorized. Is there a > way to prevent this? Is there a way to invalidate the page? It is in general impossible to prevent the user from going backwards in its browser. Still, it should not make any difference: the session remains de-autherized, so the user can not do any further requests, all the (protected) links s/he clicks are invalid. > Sven Van Caekenberghe-2 wrote >>> On 19 Jun 2017, at 15:40, horrido < > >> horrido.hobbies@ > >> > wrote: >>> >>> I've added an attribute to the session called #user... >>> >>> req session attributeAt: #user ifAbsentPut: user >>> >>> This is used to *determine if I'm logged in*. On logout, I would like to >>> *remove* this attribute, but I can't figure out how to do it. Suggestion? >> >> req session removeAttribute: #user >> >>> Sven Van Caekenberghe-2 wrote >>>> If you are talking about ZnServerSessions, the ones returned from >>>> ZnRequest>>#session, then the answer is that they are eligible for >>>> expiration and cleanup after 1 hour (see ZnServerSession>>#isValid). >>>> Cleanup happens inZnSingleThreadedServer>>#periodTasks. Right now, the >>>> expiration time is a fixed constant. >>>> >>>>> On 19 Jun 2017, at 08:08, Stephane Ducasse < >>> >>>> stepharo.self@ >>> >>>> > wrote: >>>>> >>>>> Teapot is a layer on zinc so you may check the Zinc chapters (I do not >>>>> know if this is there). >>>>> >>>>> >>>>> On Mon, Jun 19, 2017 at 1:42 AM, horrido < >>> >>>> horrido.hobbies@ >>> >>>> > wrote: >>>>>> Does Teapot's (ZnRequest's?) session ever expire? What is the expiry >>>>>> period? >>>>>> >>>>>> I can't find where it's specified or configured. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> View this message in context: >>>>>> http://forum.world.st/Teapot-session-tp4951845.html >>>>>> Sent from the Pharo Smalltalk Users mailing list archive at >>>>>> Nabble.com. >>>>>> >>>>> >>> >>> >>> >>> >>> >>> -- >>> View this message in context: >>> http://forum.world.st/Teapot-session-tp4951845p4951905.html >>> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com. > > > > > > -- > View this message in context: http://forum.world.st/Teapot-session-tp4951845p4951908.html > Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com. > |
|
|
In reply to this post by horrido
Try Ctl-q or Cmd-q after having typed a few chars. Continue until you get a match. Works in 6.0 Phil On Mon, Jun 19, 2017 at 5:11 PM, horrido <[hidden email]> wrote: Interesting. Auto-complete doesn't show #removeAttribute: as an option. |
|
|
Hi Phil,
On Mon, Jun 19, 2017 at 09:07:23PM +0200, [hidden email] wrote: > Try Ctl-q or Cmd-q after having typed a few chars. Continue until you get a > match. > > Works in 6.0 > > Phil Thanks! I wasn't aware of this gem. Cheers, Alistair |
«
Return to Pharo Smalltalk Users
|
1 view|%1 views
| Free forum by Nabble | Edit this page |