Thursday, September 30, 2010

Key based session expiration

Hi there!

I want my registered users to authenticate again to access some parts of my website but without setting the whole session expiration on browser close (which is done by setting set_expiry(0) if I got it correctly).

Let's say that the section I want to secure again is http://domain.tld/users/vault/ I've set my vault view to require a 'has_vault_access' session key and if not, user is redirected to a vault_auth view which asks the user for is password before granting the session key.

The problem is I'd like this key to expire on browser close but just that key and not the whole user session because I'd like my user to stay connected as they would without that vault access thing.

So my questions are :

- Am I thinking correctly with this implementation of my "vault"?
- How can I set a session key to have a different expiration method than the whole session it belongs to?

Thanks in advance for your help,
Thomas Gautier.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

No comments:

Post a Comment