คุณอยู่ที่นี่

Automatically logout Odoo 8 session / expire session if user inactive after a specific time.

Our customer require Odoo to be automatically logged out after a user is inactive on a specific time, 20 mins in this case.

After searching, I found that there are some solutions to do this.
https://www.odoo.com/es_ES/forum/help-1/question/odoo-8-automatic-logout...
We can edit the Odoo source code on the server.
The session is implemented in /usr/lib/python2.7/dist-packages/openerp/http.py (or your installation path).
We found:

  1. def session_gc(session_store):
  2. if random.random() < 0.001:
  3. # we keep session one week
  4. last_week = time.time() - 60*60*24*7
  5. for fname in os.listdir(session_store.path):
  6. path = os.path.join(session_store.path, fname)
  7. try:
  8. if os.path.getmtime(path) < last_week:
  9. os.unlink(path)
  10. except OSError:
  11. pass

We have to change last_week = time.time() - 60*20 for 20 mins time out.
Odoo use Werkzeug as wsgi library.
It uses file-based sesionstore implementation as we found in session_gc function.
But the function is not check and update session store when the request call to extend session timeout.

We change the function into this:

  1. def session_gc(session_store, sid):
  2. if random.random() < 0.1: # default 0.001
  3. #we keep session one week
  4. #last_week = time.time() - 60*60*24*7
  5. timeout = time.time() - 60*20 # 20 mins
  6. for fname in os.listdir(session_store.path):
  7. path = os.path.join(session_store.path, fname)
  8. try:
  9. if os.path.getmtime(path) < timeout:
  10. os.unlink(path)
  11. if sid is not None:
  12. if sid in path:
  13. os.utime(path, None)
  14. except OSError:
  15. pass

and

  1. def setup_session(self, httprequest):
  2. # recover or create session
  3. sid = httprequest.args.get('session_id')
  4. #session_gc(self.session_store, sid)
  5. explicit_session = True
  6. if not sid:
  7. sid = httprequest.headers.get("X-Openerp-Session-Id")
  8. if not sid:
  9. sid = httprequest.cookies.get('session_id')
  10. explicit_session = False
  11. if sid is None:
  12. httprequest.session = self.session_store.new()
  13. else:
  14. httprequest.session = self.session_store.get(sid)
  15.  
  16. session_gc(self.session_store, sid)
  17.  
  18. return explicit_session

We use os.utime to update the modified time, every checking time .
Then the session time will be extended to latest request.
We rearrage checking position after session setup instead.

Now, It works. If you found something wrong, please tell us.

Facebook Comments Box