[Twisted-web] Re: /__logout__ doesn't expire the session
Andrea Arcangeli
andrea at cpushare.com
Fri Jan 14 15:23:04 MST 2005
On Fri, Jan 14, 2005 at 08:33:56PM +0100, Andrea Arcangeli wrote:
> expire instead of the user logging out, so I'll simply use the mind to
> expire the session instead of applying the patch I posted (the security
I can't expire the session from there, it gets in some sort of recursion
and tries to expire it twice, and the second time it generates an
exception. Not too bad actually but for now I'm fine with a
unsetCompontent which doesn't fire the exception (at least I get the
bonus that it won't require cookie regeneration).
if interface is inevow.IResource:
def logout(session):
def _logout():
session.unsetComponent(iweb.IAccount)
return _logout
if avatar_id is checkers.ANONYMOUS or avatar_id.shutdown:
resc = guest.root_page_class()
resc.realm = self
return (inevow.IResource, resc, lambda : None)
else:
resc = account.root_page_class(avatar_id)
resc.remember(avatar_id, iweb.IAccount)
resc.realm = self
session = mind.request.getSession()
return (inevow.IResource, resc, logout(session))
btw, the logout trick looks quite like an hack, but the only real problem is
that I can't get to the ctx, so I'm fine with the above trick for now.
Thanks everyone.
More information about the Twisted-web
mailing list