From 66fa9853c0499fc95b37ba54ed121a5ac00b6015 Mon Sep 17 00:00:00 2001 From: Jogi Hofmüller Date: Tue, 2 Aug 2011 15:12:25 +0000 Subject: - added renewal for session id (every ten minutes) - changed session timeout from ten minutes to two days git-svn-id: https://svn.spreadspace.org/mur.sat@93 7de4ea59-55d0-425e-a1af-a3118ea81d4c --- tools/mmd/MmdSession.py | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) (limited to 'tools/mmd/MmdSession.py') diff --git a/tools/mmd/MmdSession.py b/tools/mmd/MmdSession.py index e1e171d..d831fba 100644 --- a/tools/mmd/MmdSession.py +++ b/tools/mmd/MmdSession.py @@ -6,8 +6,11 @@ from MmdDb import Db from MmdUser import User import time -# session timeout set to 10 minutes (600 seconds) -timeout = 600 +# session timeout set to 2 days +session_timeout = 3600 * 24 * 2 +# every 10 minutes we get a new session id and +# reset the cookie in the user's browser +renewal_timeout = 600 class Session: 
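Review bot: The two new constants carry no unit, and the comment on `session_timeout` does not say that it is an idle timeout. renew() in the next hunk recomputes `self.expires = now + session_timeout` on every call, so a session that keeps being used never reaches an absolute end. I would write `# idle timeout in seconds (2 days); re-armed on every renew(), no absolute session lifetime` and `# seconds between session id rotations (10 minutes)`. With the idle window raised from ten minutes to two days, a copied cookie stays usable much longer, so an absolute cap recorded at session creation is worth considering.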
@@ -19,17 +22,29 @@ class Session:
 self.user = User ()
 s = self.db.sessionFind (session_id)
 if not s:
- self.db.sessionInit (self.session_id, self.user.email, int (time.strftime ('%s')) + timeout, self.status)
+ now = int (time.strftime ('%s'))
+ self.expires = now + session_timeout
+ self.renewal = now + renewal_timeout
+ self.db.sessionInit (self.session_id, self.user.email, self.expires, self.renewal, self.status)
 else:
 self.user.load (s['email'])
 self.status = s['status']
+ self.expires = int (s['expires'])
+ self.renewal = int (s['renewal'])
 def addHeader (self, header):
 self.headers.append (header)
- def update (self):
- self.expires = int (time.strftime ('%s')) + timeout
- self.db.sessionUpdate (self.session_id, self.expires)
+ def renew (self, token):
+ now = int (time.strftime ('%s'))
+ self.expires = now + session_timeout
+ if self.renewal > now:
+ self.db.sessionUpdate (self.session_id, self.expires)
+ return False
+ self.renewal = now + renewal_timeout
+ self.db.sessionRenew (self.session_id, self.expires, self.renewal, token)
+ self.session_id = token
+ return True
 def setStatus (self, status = 'anon'):
 self.status = status
@@ -37,10 +52,7 @@ class Session:
 self.db.sessionSetEmail (self.session_id, self.user.email)
 def valid (self):
- data = self.db.sessionFind (self.session_id)
- if not data:
- return False
- if data['expires'] < int (time.strftime ('%s')):
+ if self.expires < int (time.strftime ('%s')):
 return False
 return True
-- cgit v1.2.3
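Review bot: renew() re-arms the expiry before looking at the old value: `self.expires = now + session_timeout` runs first, so an already expired session is revived unless every caller runs valid() beforehand, which this hunk does not show. A guard directly after `now` is computed, `if self.expires < now: return False`, keeps an expired session expired. The method also deserves a docstring stating that `token` must be a fresh, server-generated random value (never taken from the request) and that the return value tells the caller whether to reset the cookie; whether sessionRenew() invalidates the old id is not visible here. `time.strftime ('%s')` relies on a platform-specific format code; `int (time.time ())` is the portable form.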
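Review bot: valid() now answers from the `self.expires` cached on the object instead of from the session row, so a session deleted or expired in the database after the object was built is still reported valid. Once renew() from the previous hunk has run, it always returns True. If that is intended (presumably one Session object per request), the method should say so, for example `# checks the expiry loaded in __init__ or set by renew(); does not re-read the database`. The body can then shrink to `return self.expires >= int (time.time ())`.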