Re: [galaxy-dev] galaxy login session query
Hi, Thanks a lot Mr.Lazarus, this solution worked out. I have one more (last) query related to sessions. When a user logs out from galaxy and in the next page uses the back button, the user session doesn't expire. The user can't see the previously saved history but it shows that the user is still logged in. Can anyone or Mr.Lazarus can suggest how this problem can be solved. Regards Harendra On Sun, May 15, 2011 at 10:42 PM, Ross <ross.lazarus@gmail.com> wrote:
Harendra,
Welcome to Galaxy!
As far as I know, there's currently no parameter in universe_wsgi.ini other than the cookie path but in [galaxyroot]/lib/galaxy/web/framework/__init__.py you might be able to change the default from 90 days - I have NOT tested this so YMMV. All the calls to set_cookie I found appear to rely on the default age...
def set_cookie( self, value, name='galaxysession', path='/', age=90, version='1' ): """Convenience method for setting a session cookie""" # The galaxysession cookie value must be a high entropy 128 bit random number encrypted # using a server secret key. Any other value is invalid and could pose security issues. self.response.cookies[name] = value self.response.cookies[name]['path'] = path self.response.cookies[name]['max-age'] = 3600 * 24 * age # 90 days tstamp = time.localtime ( time.time() + 3600 * 24 * age )
self.response.cookies[name]['expires'] = time.strftime( '%a, %d-%b-%Y %H:%M:%S GMT', tstamp ) self.response.cookies[name]['version'] = version
On Sun, May 15, 2011 at 12:44 PM, Harendra chawla < chawla.harendra@gmail.com> wrote:
Hi everyone,
I am new to Galaxy and I have a specific requirement regarding the user session. When a user logs in to galaxy his session dose not expire until he logs out. I want that when a user logs in his session automatically expires in 3 days and he will be asked to login again. Can anyone suggest how or where this can be done.
Regards Harendra
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
-- Ross Lazarus MBBS MPH; Associate Professor, Harvard Medical School; Director of Bioinformatics, Channing Lab; Tel: +1 617 505 4850; Head, Medical Bioinformatics, BakerIDI; Tel: +61 385321444;
Harendra chawla wrote:
Hi,
Thanks a lot Mr.Lazarus, this solution worked out. I have one more (last) query related to sessions. When a user logs out from galaxy and in the next page uses the back button, the user session doesn't expire. The user can't see the previously saved history but it shows that the user is still logged in. Can anyone or Mr.Lazarus can suggest how this problem can be solved.
Hi Harendra, This is a function of browsers that we can't really do anything about. The best solution is to instruct users to close their browser after logging out. Since the user is logged out, if anyone does hit the back button, it would not be possible to view any of that user's private data. --nate
Regards Harendra
On Sun, May 15, 2011 at 10:42 PM, Ross <ross.lazarus@gmail.com> wrote:
Harendra,
Welcome to Galaxy!
As far as I know, there's currently no parameter in universe_wsgi.ini other than the cookie path but in [galaxyroot]/lib/galaxy/web/framework/__init__.py you might be able to change the default from 90 days - I have NOT tested this so YMMV. All the calls to set_cookie I found appear to rely on the default age...
def set_cookie( self, value, name='galaxysession', path='/', age=90, version='1' ): """Convenience method for setting a session cookie""" # The galaxysession cookie value must be a high entropy 128 bit random number encrypted # using a server secret key. Any other value is invalid and could pose security issues. self.response.cookies[name] = value self.response.cookies[name]['path'] = path self.response.cookies[name]['max-age'] = 3600 * 24 * age # 90 days tstamp = time.localtime ( time.time() + 3600 * 24 * age )
self.response.cookies[name]['expires'] = time.strftime( '%a, %d-%b-%Y %H:%M:%S GMT', tstamp ) self.response.cookies[name]['version'] = version
On Sun, May 15, 2011 at 12:44 PM, Harendra chawla < chawla.harendra@gmail.com> wrote:
Hi everyone,
I am new to Galaxy and I have a specific requirement regarding the user session. When a user logs in to galaxy his session dose not expire until he logs out. I want that when a user logs in his session automatically expires in 3 days and he will be asked to login again. Can anyone suggest how or where this can be done.
Regards Harendra
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
-- Ross Lazarus MBBS MPH; Associate Professor, Harvard Medical School; Director of Bioinformatics, Channing Lab; Tel: +1 617 505 4850; Head, Medical Bioinformatics, BakerIDI; Tel: +61 385321444;
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
participants (2)
-
Harendra chawla -
Nate Coraor