added session status check #633

sandialabs · Aug 24, 2016 · e3ef029 · e3ef029
1 parent 65b814c
commit e3ef029
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 2 deletions.
diff --git a/packages/slycat/web/server/handlers.py b/packages/slycat/web/server/handlers.py
@@ -1769,8 +1769,9 @@ def get_remotes(hostname):
     session = database.get("session", cherrypy.request.cookie["slycatauth"].value)
     for session in session["sessions"]:
       if session["hostname"] == hostname:
-        status = True
-        msg = "hostname session was found"
+        if slycat.web.server.remote.check_session(session["sid"]):
+          status = True
+          msg = "hostname session was found"
   except Exception as e:
     cherrypy.log.error("could not save session for remotes %s" % e)
   return {"status":status, "msg":msg}

diff --git a/packages/slycat/web/server/remote.py b/packages/slycat/web/server/remote.py
@@ -955,6 +955,38 @@ def get_session(sid):
     session._accessed = datetime.datetime.utcnow()
     return session
 
+def check_session(sid):
+  """Return a true if session is active
+
+  If the session has timed-out or doesn't exist, returns false
+
+  Parameters
+  ----------
+  sid : string
+    Unique session identifier returned by :func:`slycat.web.server.remote.create_session`.
+
+  Returns
+  -------
+  boolean :
+  """
+  client = cherrypy.request.headers.get("x-forwarded-for")
+
+  with session_cache_lock:
+    _expire_session(sid)
+    response = True
+    if sid in session_cache:
+      session = session_cache[sid]
+      # Only the originating client can access a session.
+      if client != session.client:
+        response = False
+
+    if sid not in session_cache:
+      response = False
+    if response:
+      session = session_cache[sid]
+      session._accessed = datetime.datetime.utcnow()
+    return response
+
 def delete_session(sid):
   """Delete a cached remote session.