[Twisted-web] Re: /__logout__ doesn't expire the session

Alex Levy mesozoic at polynode.com
Thu Jan 13 14:12:22 MST 2005


Tommi Virtanen wrote:
> When your Realm returns the 3-tuple
> 
>     (inevow.IResource, someResource, logout)
> 
> that logout callback is called when you call guard's .logout() or visit
> __logout__ (or when the session expires). Clean up the state there. For
> instance, if your app-specific state is in
> session.setComponent(IMyAppState, state), and thus accessed
> with IMyAppState(inevow.ISession(ctx)), you can clean that with
> session.unsetComponent(IMyAppState).

Maybe this could be in an example somewhere, because I (for one) can't 
figure out how to do it. How do you access the session from the logout 
function? It isn't called with any parameters, and from what I can tell 
about IRealm implementors, the requestAvatar method -- whence the logout 
function is returned -- doesn't have access to the session either.

> Things could be simpler. But the design inherits directly from
> twisted.cred, and that is up to glyph to defend (most like on the
> main twisted mailing list).

Glyph did a pretty good job of defending the cred architecture back when 
it was "new cred". See 
http://twistedmatrix.com/pipermail/twisted-python/2003-June/004578.html

 > Things could be cleaner. That's mostly a matter of good docstrings,
 > gentle API evolution, and examples.

Yes, lots of examples :)

The architecture is good, it's just not very clear to many end users how 
to navigate through all the abstractions.

-- 
Alex Levy
WWW: http://mesozoic.geecs.org

"Never let your sense of morals prevent you from doing what is right."
  -- Salvor Hardin, Isaac Asimov's _Foundation_



More information about the Twisted-web mailing list