
always reset the session when auth session expires

mdipierro committed Mar 3, 2014
1 parent c5b996c commit 7592cd2fe031509446042d5c768c90116ebfaf9c
Showing with 19 additions and 8 deletions.
  1. +1 −1 VERSION
  2. +18 −7 gluon/tools.py
@@ -1 +1 @@
-Version 2.9.2-stable+timestamp.2014.03.02.17.46.39
+Version 2.9.2-stable+timestamp.2014.03.03.08.43.05
@@ -1153,16 +1153,27 @@ def __init__(self, environment=None, db=None, mailer=True,
self.user_groups = auth and auth.user_groups or {}
if secure:
request.requires_https()
- if auth and auth.last_visit and auth.last_visit + \
- datetime.timedelta(days=0, seconds=auth.expiration) > request.now:
- self.user = auth.user
- # this is a trick to speed up sessions
- if (request.now - auth.last_visit).seconds > (auth.expiration / 10):
- auth.last_visit = request.now
+ now = request.now
+ # if we have auth info
+ # if not expired it, used it
+ # if expired, clear the session
+ # else, only clear auth info in the session
+ if auth:
+ delta = datetime.timedelta(days=0, seconds=auth.expiration)
+ if auth.last_visit and auth.last_visit + delta > now:
+ self.user = auth.user
+ # this is a trick to speed up sessions to avoid many writes
+ if (now - auth.last_visit).seconds > (auth.expiration / 10):
+ auth.last_visit = request.now
+ else:
+ self.user = None
+ if session.auth:
+ del session.auth
+ session.renew(clear_session=True)
else:
self.user = None
if session.auth:
- del session.auth
+ del session.auth
# ## what happens after login?
url_index = URL(controller, 'index')
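Review bot: The refresh test `(now - auth.last_visit).seconds > (auth.expiration / 10)` reads only the seconds component of the timedelta and drops whole days, so if `auth.expiration` can exceed one day it no longer measures idle time; `last_visit` may then be refreshed erratically or never, and the login lapses at a point the expiry setting does not describe. Comparing total elapsed time fixes that: `elapsed = now - auth.last_visit` and `if elapsed.days * 86400 + elapsed.seconds > auth.expiration / 10:` (or `total_seconds()` where Python 2.7+ can be assumed). The same branch assigns `auth.last_visit = request.now` although `now` was bound a few lines earlier for that purpose. The expired path relies on `session.renew(clear_session=True)` to drop every key and issue a new session id; its implementation is not in this hunk, so that is worth confirming, and if it holds the preceding `del session.auth` is redundant. `__init__` starts and ends outside the hunk.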
