From e3ef02918e4eb406d14d51e22125db6138d4eba3 Mon Sep 17 00:00:00 2001
From: Matthew Letter <mletter1@unm.edu>
Date: Wed, 24 Aug 2016 16:34:41 -0600
Subject: [PATCH] added session status check #633

---
 packages/slycat/web/server/handlers.py |  5 ++--
 packages/slycat/web/server/remote.py   | 32 ++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/packages/slycat/web/server/handlers.py b/packages/slycat/web/server/handlers.py
index 09bfa87c8..6bd5e6bb0 100644
--- a/packages/slycat/web/server/handlers.py
+++ b/packages/slycat/web/server/handlers.py
@@ -1769,8 +1769,9 @@ def get_remotes(hostname):
     session = database.get("session", cherrypy.request.cookie["slycatauth"].value)
     for session in session["sessions"]:
       if session["hostname"] == hostname:
-        status = True
-        msg = "hostname session was found"
+        if slycat.web.server.remote.check_session(session["sid"]):
+          status = True
+          msg = "hostname session was found"
   except Exception as e:
     cherrypy.log.error("could not save session for remotes %s" % e)
   return {"status":status, "msg":msg}
diff --git a/packages/slycat/web/server/remote.py b/packages/slycat/web/server/remote.py
index 184478e68..aa5b8af1c 100644
--- a/packages/slycat/web/server/remote.py
+++ b/packages/slycat/web/server/remote.py
@@ -955,6 +955,38 @@ def get_session(sid):
     session._accessed = datetime.datetime.utcnow()
     return session
 
+def check_session(sid):
+  """Return a true if session is active
+
+  If the session has timed-out or doesn't exist, returns false
+
+  Parameters
+  ----------
+  sid : string
+    Unique session identifier returned by :func:`slycat.web.server.remote.create_session`.
+
+  Returns
+  -------
+  boolean :
+  """
+  client = cherrypy.request.headers.get("x-forwarded-for")
+
+  with session_cache_lock:
+    _expire_session(sid)
+    response = True
+    if sid in session_cache:
+      session = session_cache[sid]
+      # Only the originating client can access a session.
+      if client != session.client:
+        response = False
+
+    if sid not in session_cache:
+      response = False
+    if response:
+      session = session_cache[sid]
+      session._accessed = datetime.datetime.utcnow()
+    return response
+
 def delete_session(sid):
   """Delete a cached remote session.