Added session_expires check. Resolves gratipay#2344

mushketyk · May 10, 2014 · 9c48783 · 9c48783
1 parent b9b2016
commit 9c48783
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/gittip/security/authentication.py b/gittip/security/authentication.py
@@ -2,6 +2,8 @@
 """
 import rfc822
 import time
+import datetime
+import pytz
 
 import gittip
 from aspen import Response
@@ -34,6 +36,8 @@ def inbound(request):
     elif 'session' in request.headers.cookie:
         token = request.headers.cookie['session'].value
         user = User.from_session_token(token)
+        if user.participant.session_expires < pytz.utc.localize(datetime.datetime.now()):
+            user = None
 
     request.context['user'] = user or User()
 

diff --git a/schema.sql b/schema.sql
@@ -22,7 +22,7 @@ CREATE TABLE participants
 , last_bill_result      text                        DEFAULT NULL
 
 , session_token         text                        UNIQUE DEFAULT NULL
-, session_expires       timestamp with time zone    DEFAULT CURRENT_TIMESTAMP
+, session_expires       timestamp with time zone    DEFAULT CURRENT_TIMESTAMP + INTERVAL '6 hours'
 
 , ctime                 timestamp with time zone    NOT NULL DEFAULT CURRENT_TIMESTAMP
 , claimed_time          timestamp with time zone    DEFAULT NULL