diff options
| author | Jogi Hofmüller <jogi@mur.at> | 2011-08-02 15:12:25 +0000 |
|---|---|---|
| committer | Jogi Hofmüller <jogi@mur.at> | 2011-08-02 15:12:25 +0000 |
| commit | 66fa9853c0499fc95b37ba54ed121a5ac00b6015 (patch) | |
| tree | 33b0d5f58d34050d898de5eb7581667c98a13a47 /tools/mmd/MmdSession.py | |
| parent | - started working on user locations (diff) | |
- added renewal for session id (every ten minutes)
- changed session timeout from ten minutes to two days
git-svn-id: https://svn.spreadspace.org/mur.sat@93 7de4ea59-55d0-425e-a1af-a3118ea81d4c
Diffstat (limited to 'tools/mmd/MmdSession.py')
| -rw-r--r-- | tools/mmd/MmdSession.py | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/tools/mmd/MmdSession.py b/tools/mmd/MmdSession.py index e1e171d..d831fba 100644 --- a/tools/mmd/MmdSession.py +++ b/tools/mmd/MmdSession.py @@ -6,8 +6,11 @@ from MmdDb import Db from MmdUser import User import time -# session timeout set to 10 minutes (600 seconds) -timeout = 600 +# session timeout set to 2 days +session_timeout = 3600 * 24 * 2 +# every 10 minutes we get a new session id and +# reset the cookie in the user's browser +renewal_timeout = 600 class Session: @@ -19,17 +22,29 @@ class Session: self.user = User () s = self.db.sessionFind (session_id) if not s: - self.db.sessionInit (self.session_id, self.user.email, int (time.strftime ('%s')) + timeout, self.status) + now = int (time.strftime ('%s')) + self.expires = now + session_timeout + self.renewal = now + renewal_timeout + self.db.sessionInit (self.session_id, self.user.email, self.expires, self.renewal, self.status) else: self.user.load (s['email']) self.status = s['status'] + self.expires = int (s['expires']) + self.renewal = int (s['renewal']) def addHeader (self, header): self.headers.append (header) - def update (self): - self.expires = int (time.strftime ('%s')) + timeout - self.db.sessionUpdate (self.session_id, self.expires) + def renew (self, token): + now = int (time.strftime ('%s')) + self.expires = now + session_timeout + if self.renewal > now: + self.db.sessionUpdate (self.session_id, self.expires) + return False + self.renewal = now + renewal_timeout + self.db.sessionRenew (self.session_id, self.expires, self.renewal, token) + self.session_id = token + return True def setStatus (self, status = 'anon'): self.status = status @@ -37,10 +52,7 @@ class Session: self.db.sessionSetEmail (self.session_id, self.user.email) def valid (self): - data = self.db.sessionFind (self.session_id) - if not data: - return False - if data['expires'] < int (time.strftime ('%s')): + if self.expires < int (time.strftime ('%s')): return False return True |