This is the relevant section in Auth.__init__ for the login expiration:
if auth and auth.last_visit and auth.last_visit + \
datetime.timedelta(days=0, seconds=auth.expiration) >request
.now:
self.user = auth.user
# this is a trick to speed up sessions
if (request.now - auth.last_visit).seconds > (auth.expiration /
10):
auth.last_visit = request.now
else:
self.user = None
if session.auth:
del session.auth
I have verified that jsonrpc requests will update the last_visit. BUT the
login will expire anyway (after "expiration", since the original login),
which I can not understand from the code above.
This does not happen when doing normal accesses: doing periodic requests
will keep an active login forever, which is expected I think.
Am I missing something here?
Thanks,
Daniel
--
