I've been using the patch below to do session invalidation.
The changes are:
        - use the per-session timeout value, not the global SessionTimeout
          when checking for expired sessions.
        - refuse to serve non-regular files (unrelated but useful)
        - tell the client to expire invalid session cookies
        - implement Session.invalidate()


diff -u /tmp/Webware/WebKit/Application.py ./Application.py
--- /tmp/Webware/WebKit/Application.py  Wed Jun 27 19:05:24 2001
+++ ./Application.py    Fri Jun 29 15:52:32 2001
@@ -420,8 +420,10 @@
                sid = request.sessionId()
                if sid:
                        if self._sessions.has_key(sid):
-                               if (time()-request.session().lastAccessTime()) >= 
self.setting('SessionTimeout')*60:
+                               sess = request.session()
+                               if (time()-request.session().lastAccessTime()) >= 
+sess.timeout():
                                        if debug: print prefix, 'session expired: %s' 
% repr(sid)
+                                       sess.invalidate()
                                        del self._sessions[sid]
                                        problematic = 1
                                else:
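Review bot: The expiry test drops the `*60` that the old line applied to `SessionTimeout`, so it is only correct if `Session.timeout()` already returns seconds. That method is not visible in this patch and should be confirmed, because a unit mismatch changes every session's lifetime by a factor of 60. The condition also still calls `request.session()` even though `sess` was bound to it on the line before; `if (time()-sess.lastAccessTime()) >= sess.timeout():` reads the same object once. The enclosing method starts and ends outside the hunk.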
@@ -1116,7 +1118,7 @@
                        else:
                                print 'WARNING: For %s, did not get precisely 1 
filename: %s' % (urlPath, filenames)
                                return None, None, None
-               elif not os.path.exists(ssPath):
+               elif not os.path.isfile(ssPath):
                        return None, None, None
 
                self._serverSideInfoCacheByPath[urlPath] = ssPath, contextPath, 
contextName
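Review bot: `os.path.isfile(ssPath)` follows symbolic links, so the new `elif` rejects directories, FIFOs and device nodes but still accepts a symlink whose target is a regular file. Whether `ssPath` is confined to the context directory is decided outside this hunk, so this check should not be read as a containment guarantee. A short comment on the branch, for example `# regular files only; isfile() follows symlinks, so this is not a path-containment check`, would record that limit for the next reader.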
diff -u /tmp/Webware/WebKit/HTTPResponse.py ./HTTPResponse.py
--- /tmp/Webware/WebKit/HTTPResponse.py Sun May 13 17:10:17 2001
+++ ./HTTPResponse.py   Fri Jun 29 15:51:45 2001
@@ -222,6 +222,10 @@
                if sess:
                        cookie = Cookie('_SID_', sess.identifier())
                        cookie.setPath('/')
+                       if sess.timeout() == 0:
+                               # Invalid -- tell client to forget the cookie.
+                               cookie.setMaxAge(0)
+                               cookie.setExpires(-365*24*60*60)
                        self.addCookie(cookie)
                        if debug: print prefix, 'setting sid =', sess.identifier()
                else:
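Review bot: The `sess.timeout() == 0` test uses a zero timeout as the marker for "invalidated", which works only because `Session.invalidate()` in this same patch sets `_timeout = 0`. A session that legitimately has a zero timeout would also have its cookie expired, and the coupling is invisible from this file. Either document it at the test, e.g. `# timeout() == 0 is the marker set by Session.invalidate()`, or give Session an explicit invalid flag and test that instead. How `setExpires` interprets a negative number is not visible here and should be checked against the Cookie class. The enclosing method starts and ends outside the hunk.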
diff -u /tmp/Webware/WebKit/Session.py ./Session.py
--- /tmp/Webware/WebKit/Session.py      Thu Feb 22 22:14:20 2001
+++ ./Session.py        Tue Jul 17 17:08:39 2001
@@ -88,8 +88,9 @@
        ## Invalidate ##
 
        def invalidate(self):
-               ''' Invalidates the session. @@ 2000-05-09 ce: Not implemented. '''
-               raise NotImplementedError
+               ''' Invalidates the session. '''
+               self._timeout = 0
+               self._values = {}
 
 
        ## Values ##
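Review bot: `invalidate()` clears the values and zeroes the timeout but leaves the session object registered under its identifier. As far as this patch shows, the entry is deleted from `_sessions` only when a later request carrying that sid reaches the expiry check in Application.py. If no such request arrives, the entry stays in memory unless something outside this patch sweeps it. The docstring should state the mechanism, for example `''' Invalidates the session: drops all values and sets the timeout to 0 so the next request expires it and the response expires the cookie. '''`. Note also that `self._values = {}` rebinds the attribute rather than emptying the old dict, so any other holder of that dict keeps the data; `self._values.clear()` avoids that.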
