From 66fa9853c0499fc95b37ba54ed121a5ac00b6015 Mon Sep 17 00:00:00 2001
From: Jogi Hofmüller
Date: Tue, 2 Aug 2011 15:12:25 +0000
Subject: - added renewal for session id (every ten minutes) - changed session timeout from ten minutes to two days
git-svn-id: https://svn.spreadspace.org/mur.sat@93 7de4ea59-55d0-425e-a1af-a3118ea81d4c
---
 tools/mmd/MmdDb.py | 8 ++++++--
 tools/mmd/MmdSession.py | 32 ++++++++++++++++++++++----------
 tools/mmd/MmdWidgets.py | 18 ++++++++++++++++--
 tools/mmd/mmd.wsgi | 4 +++-
 4 files changed, 47 insertions(+), 15 deletions(-)
diff --git a/tools/mmd/MmdDb.py b/tools/mmd/MmdDb.py
index 2ef5824..1db8f17 100644
--- a/tools/mmd/MmdDb.py
+++ b/tools/mmd/MmdDb.py
@@ -19,9 +19,9 @@ class Db:
 self.cursor.execute ('SELECT * FROM session WHERE id=?', (session_id,))
 return self.cursor.fetchone ()
- def sessionInit (self, session_id, email, expires, status):
+ def sessionInit (self, session_id, email, expires, renewal, status):
 try:
- self.cursor.execute ('INSERT INTO session (id, email, expires, status) VALUES (?,?,?,?)', (session_id, email, expires, status,))
+ self.cursor.execute ('INSERT INTO session (id, email, expires, renewal, status) VALUES (?,?,?,?,?)', (session_id, email, expires, renewal, status,))
 self.conn.commit ()
 return True
 except sqlite3.IntegrityError:
@@ -35,6 +35,10 @@ class Db:
 self.cursor.execute ('UPDATE session SET expires=? WHERE id=?', (expires, session_id,))
 self.conn.commit ()
+ def sessionRenew (self, session_id, expires, renewal, token):
+ self.cursor.execute ('UPDATE session SET expires=?,renewal=?,id=? WHERE id=?', (expires, renewal, token, session_id,))
+ self.conn.commit ()
+
 def sessionSetEmail (self, session_id, email):
 self.cursor.execute ('UPDATE session SET email=? WHERE id=?', (email, session_id))
 self.conn.commit ()
diff --git a/tools/mmd/MmdSession.py b/tools/mmd/MmdSession.py
index e1e171d..d831fba 100644
--- a/tools/mmd/MmdSession.py
+++ b/tools/mmd/MmdSession.py
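Review bot: The new INSERT in `sessionInit` (MmdDb.py, first hunk) needs a `renewal` column on the `session` table, and none of the four files in this commit creates or migrates that table. Against an existing database the statement would raise `sqlite3.OperationalError`, which the `except sqlite3.IntegrityError` clause does not catch. If the column is added to an existing table, rows written earlier hold NULL there and `int (s['renewal'])` in MmdSession.py would raise TypeError. A comment above the method such as `# requires session.renewal (INTEGER, epoch seconds)` and a one-off purge of old session rows would cover both; the method body continues past the end of the hunk.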
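Review bot: `sessionRenew` (MmdDb.py, second hunk) rewrites the `id` column to a caller-supplied token but, unlike `sessionInit` above it, does not catch `sqlite3.IntegrityError`, so a token that already exists in the table (presumably `id` is the unique key) raises out of the request. It also never looks at `self.cursor.rowcount`, so when the old id is already gone, for example because a parallel request renewed first, nothing is updated while the caller still switches to the new id. I would use the same `try` / `except sqlite3.IntegrityError: return False` pattern as `sessionInit`, finish with `return self.cursor.rowcount == 1`, and let `Session.renew` act on the result.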
@@ -6,8 +6,11 @@ from MmdDb import Db
 from MmdUser import User
 import time
-# session timeout set to 10 minutes (600 seconds)
-timeout = 600
+# session timeout set to 2 days
+session_timeout = 3600 * 24 * 2
+# every 10 minutes we get a new session id and
+# reset the cookie in the user's browser
+renewal_timeout = 600
 class Session:
@@ -19,17 +22,29 @@ class Session:
 self.user = User ()
 s = self.db.sessionFind (session_id)
 if not s:
- self.db.sessionInit (self.session_id, self.user.email, int (time.strftime ('%s')) + timeout, self.status)
+ now = int (time.strftime ('%s'))
+ self.expires = now + session_timeout
+ self.renewal = now + renewal_timeout
+ self.db.sessionInit (self.session_id, self.user.email, self.expires, self.renewal, self.status)
 else:
 self.user.load (s['email'])
 self.status = s['status']
+ self.expires = int (s['expires'])
+ self.renewal = int (s['renewal'])
 def addHeader (self, header):
 self.headers.append (header)
- def update (self):
- self.expires = int (time.strftime ('%s')) + timeout
- self.db.sessionUpdate (self.session_id, self.expires)
+ def renew (self, token):
+ now = int (time.strftime ('%s'))
+ self.expires = now + session_timeout
+ if self.renewal > now:
+ self.db.sessionUpdate (self.session_id, self.expires)
+ return False
+ self.renewal = now + renewal_timeout
+ self.db.sessionRenew (self.session_id, self.expires, self.renewal, token)
+ self.session_id = token
+ return True
 def setStatus (self, status = 'anon'):
 self.status = status
@@ -37,10 +52,7 @@ class Session:
 self.db.sessionSetEmail (self.session_id, self.user.email)
 def valid (self):
- data = self.db.sessionFind (self.session_id)
- if not data:
- return False
- if data['expires'] < int (time.strftime ('%s')):
+ if self.expires < int (time.strftime ('%s')):
 return False
 return True
diff --git a/tools/mmd/MmdWidgets.py b/tools/mmd/MmdWidgets.py
index cfd4a7d..ec77eb0 100644
--- a/tools/mmd/MmdWidgets.py
+++ b/tools/mmd/MmdWidgets.py
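Review bot: `renew ()` in MmdSession.py assigns `self.expires = now + session_timeout` before anything has looked at the stored expiry, so a cookie whose session row expired long ago is extended by another two days. `valid ()` in the last hunk now compares only that in-memory value, so it can no longer return False once `renew ()` has run. The call order in mmd.wsgi is not visible here, but its hunk calls `renew ()` unconditionally on every request. I would put `if self.expires < now: return False` ahead of the assignment so that an expired session is neither extended nor given a fresh id. Separately, `time.strftime ('%s')` is a C-library extension, and `int (time.time ())` is the portable spelling.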
@@ -66,7 +66,12 @@ def registerFormWidget (): def registerWidget (): html = '''

Thank you for registering!

- You will receive an email containing a link to confirm your registration. Please use this link within 24 hours to complete registration. +
+ You will receive an email containing a link to complete your registration. This link will stay valid for 24 hours. +
+
+ Regards from the MURSAT1 team +
''' return html @@ -193,8 +198,17 @@ def indexWidget (lcol, rcol, status, debug_info = False): Email: {2} Status: {3} Expires: {4} + Renewal: {5} + Now: {6} - '''.format (debug_info.session_id, debug_info.ip, debug_info.user.email, debug_info.status, debug_info.expires) + '''.format ( + debug_info.session_id, + debug_info.ip, + debug_info.user.email, + debug_info.status, + debug_info.expires, + debug_info.renewal, + time.strftime ('%s')) else: debug = '' diff --git a/tools/mmd/mmd.wsgi b/tools/mmd/mmd.wsgi index 231f1a0..5503c40 100644 --- a/tools/mmd/mmd.wsgi +++ b/tools/mmd/mmd.wsgi @@ -39,7 +39,9 @@ def application (environ, response): except KeyError: session.qs = parse_qs (environ['QUERY_STRING'], True) - session.update () + if session.renew (environ['UNIQUE_ID']): + cookie['mmd'] = environ['UNIQUE_ID'] + session.addHeader (('Set-Cookie', cookie.output (header = '').strip ())) session.ip = environ['REMOTE_ADDR'] session.http_status = '200 OK' -- cgit v1.2.3
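Review bot: The added `time.strftime ('%s')` argument in `indexWidget` needs `import time` in MmdWidgets.py, which this commit does not add and the hunk does not show; if the module lacks it, turning on the debug output raises NameError. The debug block also writes the live session id and the user's email into the page through `str.format` with no HTML escaping. It deserves a comment next to the `debug_info` branch such as `# debug only: prints the session id and unescaped user data, keep disabled in production`. The function starts and ends outside the hunk.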
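Review bot: The new session id written to the `mmd` cookie in mmd.wsgi is `environ['UNIQUE_ID']`, which looks like the value Apache's mod_unique_id provides. That value is built to be unique, not secret, because it is derived from the server address, process id, timestamp and a counter, so it is unsuitable as a bearer token. I would generate the token from the OS random source, e.g. `token = binascii.hexlify (os.urandom (16))` (with `os` and `binascii` imported), and pass it to both `session.renew (token)` and `cookie['mmd']`. The lookup also raises KeyError when the variable is not set, and the hunk does not show `HttpOnly` or `Secure` being set on the cookie, which matters more now that a session lives for two days. `application` starts and ends outside the hunk.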