[Twisted-web] Re: /__logout__ doesn't expire the session
Andrea Arcangeli
andrea at cpushare.com
Fri Jan 14 12:33:56 MST 2005
On Fri, Jan 14, 2005 at 09:04:05PM +0200, Tommi Virtanen wrote:
> Andrea Arcangeli wrote:
> >However to do everything in the logout callback I need the ctx too, not
> >only the session (then I could drop an intermediate redirecting page).
> >
> >I'll try to find a way to move from request to ctx (they're an 1:1
> >mapping, going from ctx to request is easy with inevow.IRequest, I'm
> >just not sure about the reverse... ;).
>
> This is mostly because the old APIs only passed request to anything,
> ctx is a recent addition. Things still need to be fixed to have ctx,
> but backwards compatibility and integration with older code is a
> challenge.
>
> I want ctx in the access.log writing functions, to know which virtual
> host the request was for..
Ok, no problem, logout isn't reliable anyway since the session can
expire instead of the user logging out, so I'll simply use the mind to
expire the session instead of applying the patch I posted (the security
part).
Thanks everyone!
More information about the Twisted-web
mailing list