[Twisted-web] Re: /__logout__ doesn't expire the session
mesozoic at polynode.com
Thu Jan 13 14:12:22 MST 2005
Tommi Virtanen wrote:
> When your Realm returns the 3-tuple
> (inevow.IResource, someResource, logout)
> that logout callback is called when you call guard's .logout() or visit
> __logout__ (or when the session expires). Clean up the state there. For
> instance, if your app-specific state is in
> session.setComponent(IMyAppState, state), and thus accessed
> with IMyAppState(inevow.ISession(ctx)), you can clean that with
Maybe this could be in an example somewhere, because I (for one) can't
figure out how to do it. How do you access the session from the logout
function? It isn't called with any parameters, and from what I can tell
about IRealm implementors, the requestAvatar method -- whence the logout
function is returned -- doesn't have access to the session either.
> Things could be simpler. But the design inherits directly from
> twisted.cred, and that is up to glyph to defend (most like on the
> main twisted mailing list).
Glyph did a pretty good job of defending the cred architecture back when
it was "new cred". See
> Things could be cleaner. That's mostly a matter of good docstrings,
> gentle API evolution, and examples.
Yes, lots of examples :)
The architecture is good, it's just not very clear to many end users how
to navigate through all the abstractions.
"Never let your sense of morals prevent you from doing what is right."
-- Salvor Hardin, Isaac Asimov's _Foundation_
More information about the Twisted-web