Thank you very much! Everything is clear to me now. On Saturday, January 4, 2014 7:48:34 PM UTC+1, Anthony wrote: > > - A session file is created associated to a user each time that user logs >> in. Is this ok? >> > > Yes, it is OK. > > >> - My users make a login through auth.login_bare(user, password), does >> this create a session file then? >> > > Yes. > > >> - What should be the code to remove the session file of a user when >> he/she makes a logout? >> > > The session filename is stored in response.session_filename, so you could > do it in an onlogout callback. Perhaps we should make this the default > whenever session.renew() is called (which happens by default when someone > logs in or out), since the old file gets abandoned at that point. Maybe > open an issue on Google Code and refer to this post. > > Also, there is a script you can use to periodically clean up the sessions: > https://github.com/web2py/web2py/blob/master/scripts/sessions2trash.py > > >> - I've set my auth.settings.expiration to 999999999, does this affect to >> sessions too? As far as I know it only affects to when an inactive user is >> automatically logged out, is this correct? >> > > That won't affect the session. However, if you use the "remember me" > option at login, then auth.settings.long_expiration will determine how long > the session cookie remains valid (still won't have any effect on > keeping/removing the session file itself, though). > > >> - Testing this I've seen that with no logged users in my server, if I >> manually remove the sessions files, some of them are created again!! Why >> and how? As I said I have no users logged in the server. >> > > A session file is created whenever a new visitor visits the site and > anything is saved to the session (whether or not the user is logged in). > Sessions are not used only for logged in users, but can be used for any > visitor. If you navigate to a page with a form (e.g., the login or register > pages), for example, the session will be used (to store the CSRF token) -- > even if you don't actually submit the form. > > Anthony >
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
