heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

save “stay_logged_in” in the session

Browse Source 
Since sessions are rebuilt, e.g. when you try to post a blank
comment and therefore receive an error message, the session will
be overwritten without the old max_age.
This commit is contained in:
Jakob Kramer 2013-05-22 14:51:12 +02:00 committed by Rodney Ewing
parent 527b7e3b57
commit ef57b0622c
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mediagoblin/auth/views.py
View File

@ -89,7 +89,7 @@ def login(request):
if user: if user:
# set up login in session # set up login in session
if login_form.stay_logged_in.data: if login_form.stay_logged_in.data:
request.session.max_age = 30 * 24 * 60 * 60 request.session['stay_logged_in'] = True
request.session['user_id'] = unicode(user.id) request.session['user_id'] = unicode(user.id)
request.session.save() request.session.save()

10
mediagoblin/tools/session.py
View File

@ -21,10 +21,11 @@ import crypto
_log = logging.getLogger(__name__) _log = logging.getLogger(__name__)
MAX_AGE = 30 * 24 * 60 * 60
class Session(dict): class Session(dict):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
self.send_new_cookie = False self.send_new_cookie = False
self.max_age = None
dict.__init__(self, *args, **kwargs) dict.__init__(self, *args, **kwargs)
def save(self): def save(self):
@ -65,5 +66,10 @@ class SessionManager(object):
elif not session: elif not session:
response.delete_cookie(self.cookie_name) response.delete_cookie(self.cookie_name)
else: else:
if session.get('stay_logged_in', False):
max_age = MAX_AGE
else:
max_age = None
response.set_cookie(self.cookie_name, self.signer.dumps(session), response.set_cookie(self.cookie_name, self.signer.dumps(session),
max_age=session.max_age, httponly=True) max_age=max_age, httponly=True)