django specific url/view that wont modify the session expiry date? - django

As I see each time the session is changed, i.e request.session['last_date'] = datetime.datetime.now() for example, the expiry_date is changed too.
Can I create an exception for that? I want to use the expiry_date as a timeout for the session, but I have a JS code in the client which send requests every few minutes, thus always extend the session expiry_date.
I want a way (simple, I hope) to write to the session without extending this date.

You can use the session.set_expiry function to set a custom expiry date, which will not be extended after modifying the session.

Related

Flask-Login user status monitoring

I'm developing a small website with Flask & Flask-Login. I need an admin view to monitor all user's online status. I added an is-online column in user db collection and try to update it. But I didn't find any callbacks to handle session expires. How to solve it or any better idea?
Thanks!
FYI, Counting Online Users with Redis | Flask (A Python Microframework) - http://flask.pocoo.org/snippets/71/.
You could get away with checking if users last activity time is bigger(older) than session life time.
if that's the case, you will go on an update their is_online status.
the way i have handled the problem in my application was, since i had a last_activity field in db for each user, to log when they have done what they have done, i could check that value vs session life time.
One very crude method is to create a separate stack that pushes and pops when a user logs in. Assuming that session id and userid on your db is not tied together (i.e., you have separate session id and user id), you can maintain a ledger of sorts and push and pop as sessions are created and destroyed.
You will have to put special emphasis on users running multiple sessions on multiple devices...which is why i put a caveat saying this is a rather crude method.

Is there a "ThisVisit" timestamp in ColdFusion?

Coldfusion has a system created client variable called lastvisit.
Is there a way to get the value of that variable during the request that it is actually set (i.e. client.thisvisit)?
The idea would be that I can store the "ThisVisit" timestamp in session and then compare it to lastvisit when the next request is made. This would tell me if another request was made in the session.
The purpose is that we have a page that we use an ajax record lock on which refreshes the lock every minute. After sixty minutes the ajax lock code will automatically log the user out of the website (due to inactivity). The issue arises where the user is executing tasks in other windows/tabs (indication of activity).
Sense all requests update LastVisit, I would like to have the ajax lock code save the save a "thisvisit" value so that the next time it runs it can compare it to the LastVisit client variable.
A couple requirements:
Set up to use a DB rather than registry for your client vars (trust
me).
Client vars have to have "global variables" enabled
Your cfapplication or application.cfc has to have client management enabled.
If you have those three things you can select a query like the following:
<cfquery name="getLvisit" datasource="myClientVarsDB">
SELECT lvist
FROM cglobal
WHERE cfid =
<cfqueryparam type="CF_SQL_CHAR" value="#urltoken#"/>
</cfquery>
urltoken might be wrong... it may need the jsessionID or CFID but my memory tells me cftoken. I'd have to hunt down a site using Client DBs to give you a definitive answer.
So that would give you the current value of the lvisit variable. you would store this in the session and then compare it against the value from the table on subsequent queries before you overwrite it again (if that makes sense).
Note - this value is updated on each request - so your query get's the current value (before it has been updated). I previously thought this it was updated first but according to Tom it's actually updated last.

Cleaning a session variable periodically without cleaning session

In Django, is it possible to clean a session variable periodically without cleaning whole session?
Depending upon the session manager, it might be possible but difficult.
If you are using database backed sessions, you could scan the table, parse the base64 encoded data and delete the variable you want cleaned.
If you must do this, I would either extend the sessions system with a custom mod or store the variable independently somewhere I could easily flush it.
Two Approaches
set_expiry time of session and deleting it periodically can be helpful
SESSION_COOKIE_AGE = 5 * 60 #session expiry time (5 mins)
another way as Rob suggested, playing with session data based on session key.
from django.contrib.sessions.models import Session
from django.contrib.sessions.backends.db import SessionStore
sessionid = Session.objects.get(session_key=123f4b3106c740c1a54970a8b611111)
session_data = sessionid.get_decoded()

How can I push data to a user session?

I need to push changes to my app's session scopes in real time. Each user in session in my app has a similar struct to this:
session.user =
{
name = "Foo",
mojo = "100"
};
Users can modify each others' "mojo." For example, if user Foo received 10 mojo points, and he now has 110, I need to update his session.user.mojo to reflect the additional "mojo" received. I need to modify his session struct, in other words.
Example 2: User in session 1 does something where user in session 2 receives "mojo." The session.user.mojo in session 2 needs to be updated to reflect this change.
Some info:
The inital mojo value is pulled from the database and stored in the session when a user logs in.
"Mojo" updates always take place in the database. "Mojo" stored in the session is used to govern user privileges.
What are my options? Is this even possible? I have absolutely no idea on how to do something like that.
UPDATE I don't want pass the updated values back to the user (the data will refresh when the user navigates between pages). I only want to change them in the appropriate user's session scope.
This answer is ColdFusion 9 specific.
Cache user data (e.g. cachePut()) by user ID, and keep track of their user ID in session. Every update to mojo should retrieve the user data in cache - if present - and update it there as well. Finally, if this is a multi-server environment, setup messaging between the machines that broadcasts the user ID of any change to mojo, servers receiving the message then update their own cached user data.
What this buys you is limiting the amount of database activity that goes on, pretty good liveness, and makes the mojo value available globally, which has the added benefit of being available for purposes other than the user session (e.g. another user can review their profile to see the mojo score).
If you really need to change vars in a particular Session, there's no built-in way to do that. Maybe you can abstract out the logic, instead of accessing the mojo from Session, always access mojo from DB?
update: Why session? How about a big struct in Application scope, and use userID or sessionID as key, and mojo as value? You can also store a timestape like lastUpdated and delete the ones that has not been updated to reclaim your memory. Then from time to time, update your DB? Or... update your DB async if u're worry about performance.

In django, are all session data deleted if a user logs out?

I need to track some information on users, but would like to retain it for a fixed time period, say a week.
If I set this value via request.sessions, and the user logs out, can I retrieve it if they log back in later? This all assumes that my sessions are normally set to expire in 30 days, if the user neVer logs out.
While thinking about the above problem, I decided to store the data in a table, but I would still like to know the answer to above for referenCe. I also decided not to use cookies due to unreliability.
It would depend on your session backend. But the default backend (backends.db) does delete the row from the sessions table when you log out.
I would recommend adding the data to a field in the user profile. Using the session will give problems even if you don't delete the data. The next time the user logs in you won't know which session id he/she used the last time and normally you only have the session id to look up. Not a user id so you can get all sessions owned by a specific user.