[Twisted-web] Re: /__logout__ doesn't expire the session
Tommi Virtanen
tv at twistedmatrix.com
Fri Jan 14 13:23:16 MST 2005
Andrea Arcangeli wrote:
> Ok, no problem, logout isn't reliable anyway since the session can
> expire instead of the user logging out, so I'll simply use the mind to
> expire the session instead of applying the patch I posted (the security
> part).
As far as I understand things, session timeout causes all the related
logout functions to be called.
It goes something like this:
- one session relates to 0..n logged in portals
- portal logout means pretty much nothing to a session
- session expiry logs out from all related portals
- __logout__ logs out from that particular portal
- if you store data in session, they live until session expiry
- if you store data in mind, it lives until portal logout (NOTE: this
  is the only part I do not grok the code for, so I may be wrong here.
  I am pretty sure about the other points)
This should probably be said explicitly in some docstrings.