Check, whether logged in

jasagemal · July 8, 2024, 12:34pm

using rest-api of plone6, how do i know whether i'm still logged in?

i'm running a loop in a script that checks for specific changes of our plone pages every two minutes. but it seems that the user get's logged out automatically after some hours.
so what is a reasonable method to check whether the script is still logged in?

zopyx · July 8, 2024, 6:20pm

plone.api or plone.restapi?

If you access Plone from a Python script (via bin/instance run script.py), there is nothing that would log you out.

seanupton · July 8, 2024, 10:11pm

If you are using Basic authentication scheme, there's no concept of "logged in across multiple HTTP requests" running from a script. But I am unclear on what you mean by "a script" here.

You might need to elaborate on how the context/environment in which your script runs and how you are authenticating... Is this something running on a server, or is this something running in JavaScript in an open tab of a browser for which you are relying on the user having some kind of session?

If you are not using Basic authentication and you want to have multiple requests across one authenticated session of some sort, it really sounds like you might want to use JWT (see docs here).

jasagemal · July 8, 2024, 11:32pm

ok, sorry, i forgot to say that i use python3.
and i'm using the rest-api with api_url + '/@login', so no http auth.

the hint to the docs (especially section #renewing-a-token-login-renew) seems to be very helpful, because indeed i got logged out (or kicked out) after ~12h.
so I guess, i just need to renew my token every 11,9h.
i'll try this out in the next days and report here, whether this solved the problem.
thanks!

jasagemal · July 12, 2024, 6:46am

Indeed, that solved the problem. thanks a lot!

i'm using now (roughly):

def rest_api(self, ...)
	# ...
	if(self.logged_in
		and action_type not in ('login', 'login-renew')
		and self.now() - self.token_lasttime > .8 * self.token_lifespan
	):
		if self.now() - self.token_lasttime > .99 * self.token_lifespan:
			self.login()
		else:
			self.login_renew()
	return requests.request(...)

def login(self):
	r = self.rest_api('post',
		self.api_url + '/@login',
		json={'login': self.user, 'password': self.password})
	self.token = r.json().get('token')
	self.token_lasttime = self.now()
	self.logged_in = True