annotate MoinMoin/web/session.py @ 5580:af56baebf4d1

sessions: fix expiry check
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 23 Feb 2010 23:45:09 +0100
parents e535351eab08
children dba48cb280f9
rev   line source
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
1 # -*- coding: iso-8859-1 -*-
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
2 """
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
3 MoinMoin - WSGI session handling
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
4
4317
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
5 To provide sessions, the MoinMoin WSGI application interacts with an
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
6 object implementing the `SessionService` API. The interface is quite
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
7 straight forward. For documentation of the expected methods, refer
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
8 to the documentation of `SessionService` in this module.
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
9
4628
3c6980b5e938 fix new session code. remove old session code. details below.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4607
diff changeset
10 @copyright: 2008 MoinMoin:FlorianKrupicka,
3c6980b5e938 fix new session code. remove old session code. details below.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4607
diff changeset
11 2009 MoinMoin:ThomasWaldmann
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
12 @license: GNU GPL, see COPYING for details.
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
13 """
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
14 import sys, os
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
15 from os import path
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
16 import time
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
17 import tempfile
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
18 import re
5468
be7c57d8e2a3 fix another werkzeug session problem (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5448
diff changeset
19 try:
be7c57d8e2a3 fix another werkzeug session problem (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5448
diff changeset
20 from cPickle import load, dump, HIGHEST_PROTOCOL
be7c57d8e2a3 fix another werkzeug session problem (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5448
diff changeset
21 except ImportError:
be7c57d8e2a3 fix another werkzeug session problem (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5448
diff changeset
22 from pickle import load, dump, HIGHEST_PROTOCOL
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
23
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
24 from werkzeug.contrib.sessions import SessionStore, ModificationTrackingDict
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
25
5468
be7c57d8e2a3 fix another werkzeug session problem (details below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5448
diff changeset
26 from MoinMoin import config
4531
83666cc9dc31 new cfg.session_dir setting, store sessions into cache_dir/__session__ by default
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4530
diff changeset
27 from MoinMoin.util import filesys
5572
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
28 rename = filesys.rename # use MoinMoin's rename until we have it in werkzeug 0.6.1
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
29
4193
1e954e802ed2 Start to make auth work again with the new session layer
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4190
diff changeset
30 from MoinMoin import log
1e954e802ed2 Start to make auth work again with the new session layer
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4190
diff changeset
31 logging = log.getLogger(__name__)
1e954e802ed2 Start to make auth work again with the new session layer
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4190
diff changeset
32
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
33
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
34 # start copy from werkzeug 0.6 - directly import this, if we require >= 0.6:
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
35
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
36 class Session(ModificationTrackingDict):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
37 """Subclass of a dict that keeps track of direct object changes. Changes
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
38 in mutable structures are not tracked, for those you have to set
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
39 `modified` to `True` by hand.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
40 """
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
41 __slots__ = ModificationTrackingDict.__slots__ + ('sid', 'new')
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
42
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
43 def __init__(self, data, sid, new=False):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
44 ModificationTrackingDict.__init__(self, data)
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
45 self.sid = sid
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
46 self.new = new
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
47
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
48 @property
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
49 def should_save(self):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
50 """True if the session should be saved.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
51
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
52 .. versionchanged:: 0.6
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
53 By default the session is now only saved if the session is
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
54 modified, not if it is new like it was before.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
55 """
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
56 return self.modified
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
57
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
58 def __repr__(self):
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
59 return '<%s %s %s%s>' % (
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
60 self.__class__.__name__,
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
61 self.sid,
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
62 dict.__repr__(self),
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
63 self.should_save and '*' or ''
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
64 )
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
65
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
66
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
67 #: used for temporary files by the filesystem session store
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
68 _fs_transaction_suffix = '.__wz_sess'
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
69
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
70 class FilesystemSessionStore(SessionStore):
5572
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
71 """Simple example session store that saves sessions on the filesystem.
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
72 This store works best on POSIX systems and Windows Vista / Windows
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
73 Server 2008 and newer.
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
74
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
75 .. versionchanged:: 0.6
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
76 `renew_missing` was added. Previously this was considered `True`,
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
77 now the default changed to `False` and it can be explicitly
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
78 deactivated.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
79
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
80 :param path: the path to the folder used for storing the sessions.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
81 If not provided the default temporary directory is used.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
82 :param filename_template: a string template used to give the session
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
83 a filename. ``%s`` is replaced with the
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
84 session id.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
85 :param session_class: The session class to use. Defaults to
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
86 :class:`Session`.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
87 :param renew_missing: set to `True` if you want the store to
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
88 give the user a new sid if the session was
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
89 not yet saved.
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
90 """
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
91
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
92 def __init__(self, path=None, filename_template='werkzeug_%s.sess',
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
93 session_class=None, renew_missing=False, mode=0644):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
94 SessionStore.__init__(self, session_class)
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
95 if path is None:
5572
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
96 path = tempfile.gettempdir()
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
97 self.path = path
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
98 if isinstance(filename_template, unicode):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
99 filename_template = filename_template.encode(
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
100 sys.getfilesystemencoding() or 'utf-8')
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
101 assert not filename_template.endswith(_fs_transaction_suffix), \
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
102 'filename templates may not end with %s' % _fs_transaction_suffix
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
103 self.filename_template = filename_template
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
104 self.renew_missing = renew_missing
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
105 self.mode = mode
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
106
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
107 def get_session_filename(self, sid):
5572
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
108 # out of the box, this should be a strict ASCII subset but
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
109 # you might reconfigure the session object to have a more
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
110 # arbitrary string.
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
111 if isinstance(sid, unicode):
5572
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
112 sid = sid.encode(sys.getfilesystemencoding() or 'utf-8')
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
113 return path.join(self.path, self.filename_template % sid)
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
114
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
115 def save(self, session):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
116 fn = self.get_session_filename(session.sid)
5572
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
117 fd, tmp = tempfile.mkstemp(suffix=_fs_transaction_suffix,
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
118 dir=self.path)
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
119 f = os.fdopen(fd, 'wb')
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
120 try:
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
121 dump(dict(session), f, HIGHEST_PROTOCOL)
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
122 finally:
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
123 f.close()
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
124 try:
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
125 rename(tmp, fn)
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
126 os.chmod(fn, self.mode)
5572
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
127 except (IOError, OSError):
1302238342cd update FilesystemSessionStore copy from werkzeug 0.6.1(pre) repo
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5554
diff changeset
128 pass
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
129
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
130 def delete(self, session):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
131 fn = self.get_session_filename(session.sid)
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
132 try:
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
133 os.unlink(fn)
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
134 except OSError:
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
135 pass
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
136
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
137 def get(self, sid):
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
138 if not self.is_valid_key(sid):
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
139 return self.new()
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
140 try:
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
141 f = open(self.get_session_filename(sid), 'rb')
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
142 except IOError:
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
143 if self.renew_missing:
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
144 return self.new()
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
145 data = {}
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
146 else:
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
147 try:
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
148 try:
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
149 data = load(f)
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
150 except Exception:
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
151 data = {}
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
152 finally:
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
153 f.close()
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
154 return self.session_class(data, sid, False)
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
155
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
156 def list(self):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
157 """Lists all sessions in the store.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
158
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
159 .. versionadded:: 0.6
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
160 """
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
161 before, after = self.filename_template.split('%s', 1)
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
162 filename_re = re.compile(r'%s(.{5,})%s$' % (re.escape(before),
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
163 re.escape(after)))
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
164 result = []
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
165 for filename in os.listdir(self.path):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
166 #: this is a session that is still being saved.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
167 if filename.endswith(_fs_transaction_suffix):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
168 continue
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
169 match = filename_re.match(filename)
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
170 if match is not None:
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
171 result.append(match.group(1))
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
172 return result
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
173
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
174 # end copy of werkzeug 0.6 code
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
175
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
176
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
177 class MoinSession(Session):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
178 """ Compatibility interface to Werkzeug-sessions for old Moin-code.
5554
0dea6dbebafb web.session: PEP8 whitespace fix
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5548
diff changeset
179
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
180 is_new is DEPRECATED and will go away soon.
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
181 """
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
182 def _get_is_new(self):
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
183 logging.warning("Deprecated use of MoinSession.is_new, please use .new")
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
184 return self.new
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
185 is_new = property(_get_is_new)
5448
5518d41fc686 move SID listing functionality to FixedFilesystemSessionStore
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5447
diff changeset
186
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
187
4211
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
188 class SessionService(object):
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
189 """
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
190 A session service returns a session object given a request object and
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
191 provides services like persisting sessions and cleaning up occasionally.
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
192 """
4529
002c21b10561 fix / finish xmlrpc auth token (session) code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4317
diff changeset
193 def get_session(self, request, sid=None):
4211
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
194 """ Return a session object pertaining to the particular request."""
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
195 raise NotImplementedError
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
196
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
197 def destroy_session(self, request, session):
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
198 """ Destroy an existing session (make it unusable). """
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
199 raise NotImplementedError
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
200
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
201 def finalize(self, request, session):
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
202 """
4317
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
203 If the service needs to do anything to the session and/or request,
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
204 before it is sent back to the client, he can chose to do so here.
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
205 Typical examples would be setting cookies for the client.
4211
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
206 """
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
207 raise NotImplementedError
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
208
5425
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
209 def get_all_session_ids(self, request):
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
210 """
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
211 Return a list of all session ids known to the SessionService.
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
212 """
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
213 raise NotImplementedError
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
214
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
215
4705
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
216 def _get_session_lifetime(request, userobj):
4706
0fd171596794 web.session: PEP8 whitespace fix
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4705
diff changeset
217 """ Get session lifetime for the user object userobj
0fd171596794 web.session: PEP8 whitespace fix
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4705
diff changeset
218 Cookie lifetime in hours, can be fractional. First tuple element is for anonymous sessions,
0fd171596794 web.session: PEP8 whitespace fix
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4705
diff changeset
219 second tuple element is for logged-in sessions. For anonymous sessions,
0fd171596794 web.session: PEP8 whitespace fix
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4705
diff changeset
220 t=0 means that they are disabled, t>0 means that many hours.
0fd171596794 web.session: PEP8 whitespace fix
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4705
diff changeset
221 For logged-in sessions, t>0 means that many hours,
0fd171596794 web.session: PEP8 whitespace fix
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4705
diff changeset
222 or forever if user checked 'remember_me', t<0 means -t hours and
4705
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
223 ignore user 'remember_me' setting - you usually don't want to use t=0, it disables logged-in sessions."""
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
224 lifetime = int(float(request.cfg.cookie_lifetime[userobj and userobj.valid]) * 3600)
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
225 forever = 10 * 365 * 24 * 3600 # 10 years
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
226
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
227 if userobj and userobj.valid and userobj.remember_me and lifetime > 0:
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
228 return forever
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
229 return abs(lifetime)
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
230
5575
17cf01154e12 sessions: remove code not needed any more due to new werkzeug session code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5572
diff changeset
231
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
232 def get_cookie_name(request, name, usage, software='MOIN'):
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
233 """
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
234 Determine the full cookie name for some software (usually 'MOIN') using
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
235 it for some usage (e.g. 'SESSION') for some wiki (or group of wikis)
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
236 determined by name.
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
237
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
238 Note:
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
239 -----
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
240 We do not use the path=... information in the cookie any more, because it can
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
241 easily cause confusion if there are multiple cookies with same name, but
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
242 different pathes (like e.g. / and /foo).
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
243
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
244 Instead of using the cookie path, we use differently named cookies, so we get
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
245 the right cookie no matter at what URL the wiki currently is "mounted".
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
246
5414
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
247 If name is None, we use some URL components to make up some name.
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
248 For example the cookie name for the default desktop wiki: MOIN_SESSION_8080_ROOT
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
249
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
250 If name is siteidmagic, we just use cfg.siteid, which is unique within a wiki farm
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
251 created by a single farmconfig. If you only run ONE(!) wikiconfig wiki, it
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
252 is also unique, of course, but not if you run multiple wikiconfig wikis under
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
253 same domain.
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
254
5414
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
255 If name is not None (and not 'siteidmagic'), we just use the given name (you
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
256 want to use that to share stuff between several wikis - just give same name
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
257 and it will use the same cookie. same thing if you don't want to share, just
5414
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
258 give a different name then [e.g. if cfg.siteid or 'siteidmagic' doesn't work
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
259 for you]).
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
260
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
261 Moving a wiki to a different URL will break all sessions. Exchanging URLs
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
262 of wikis might lead to confusion (requiring the client to purge the cookies).
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
263 """
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
264 if name is None:
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
265 url_components = [
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
266 # cookies do not store the port, thus we add it to the cookie name:
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
267 request.environ['SERVER_PORT'],
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
268 # we always store path=/ into cookie, thus we add the path to the name:
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
269 ('ROOT' + request.script_root).replace('/', '_'),
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
270 ]
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
271 name = '_'.join(url_components)
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
272
5414
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
273 elif name is 'siteidmagic':
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
274 name = request.cfg.siteid # == config name, unique per farm
b0c8c2f225f3 Changed default of cfg.cookie_name to use some URL components to make up some name.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 5408
diff changeset
275
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
276 return "%s_%s_%s" % (software, usage, name)
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
277
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
278
4211
dde44d6e24ae Removed MoinMoin.web.api, use inheritance and abstract classes
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4198
diff changeset
279 class FileSessionService(SessionService):
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
280 """
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
281 This sample session service stores session information in a temporary
4317
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
282 directory and identifies the session via a cookie in the request/response
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
283 cycle. It is based on werkzeug's FilesystemSessionStore, that implements
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
284 the whole logic for creating the actual session objects (which are
371bf2615ea1 Code review: added some more documentation
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4278
diff changeset
285 inherited from the builtin `dict`)
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
286 """
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
287 def __init__(self, cookie_usage='SESSION'):
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
288 self.cookie_usage = cookie_usage
4531
83666cc9dc31 new cfg.session_dir setting, store sessions into cache_dir/__session__ by default
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4530
diff changeset
289
83666cc9dc31 new cfg.session_dir setting, store sessions into cache_dir/__session__ by default
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4530
diff changeset
290 def _store_get(self, request):
5371
437558fff184 Fix FileSessionService - use session_dir from CURRENT request.cfg.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4706
diff changeset
291 path = request.cfg.session_dir
437558fff184 Fix FileSessionService - use session_dir from CURRENT request.cfg.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4706
diff changeset
292 try:
437558fff184 Fix FileSessionService - use session_dir from CURRENT request.cfg.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4706
diff changeset
293 filesys.mkdir(path)
437558fff184 Fix FileSessionService - use session_dir from CURRENT request.cfg.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4706
diff changeset
294 except OSError:
437558fff184 Fix FileSessionService - use session_dir from CURRENT request.cfg.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4706
diff changeset
295 pass
5575
17cf01154e12 sessions: remove code not needed any more due to new werkzeug session code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5572
diff changeset
296 return FilesystemSessionStore(path=path, filename_template='%s',
17cf01154e12 sessions: remove code not needed any more due to new werkzeug session code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5572
diff changeset
297 session_class=MoinSession, mode=0666 & config.umask)
4198
988b2b672219 Fix tests: source code (indentation, whitespace) mostly
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4195
diff changeset
298
4529
002c21b10561 fix / finish xmlrpc auth token (session) code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4317
diff changeset
299 def get_session(self, request, sid=None):
002c21b10561 fix / finish xmlrpc auth token (session) code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4317
diff changeset
300 if sid is None:
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
301 cookie_name = get_cookie_name(request, name=request.cfg.cookie_name, usage=self.cookie_usage)
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
302 sid = request.cookies.get(cookie_name, None)
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
303 logging.debug("get_session for sid %r" % sid)
4531
83666cc9dc31 new cfg.session_dir setting, store sessions into cache_dir/__session__ by default
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4530
diff changeset
304 store = self._store_get(request)
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
305 if sid is None:
4531
83666cc9dc31 new cfg.session_dir setting, store sessions into cache_dir/__session__ by default
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4530
diff changeset
306 session = store.new()
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
307 else:
5575
17cf01154e12 sessions: remove code not needed any more due to new werkzeug session code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5572
diff changeset
308 session = store.get(sid)
5580
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
309 expiry = session.get('expires')
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
310 if expiry is not None:
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
311 now = time.time()
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
312 if expiry < now:
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
313 # the browser should've killed that cookie already.
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
314 # clock not in sync? trying to cheat?
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
315 logging.debug("session has expired (expiry: %r now: %r)" % (expiry, now))
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
316 self.destroy_session(request, session)
af56baebf4d1 sessions: fix expiry check
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5579
diff changeset
317 session = store.new()
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
318 logging.debug("get_session returns session %r" % session)
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
319 return session
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
320
5425
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
321 def get_all_session_ids(self, request):
5448
5518d41fc686 move SID listing functionality to FixedFilesystemSessionStore
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5447
diff changeset
322 store = self._store_get(request)
5548
a42e6b2cd528 sessions: implant code from werkzeug 0.6, fix it
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5468
diff changeset
323 return store.list()
5425
bd55be7c3886 store expiry into sessions, moin maint cleansessions script, session enumeration support
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5414
diff changeset
324
4195
2d8a9f98382b Added 'destroy_session' to session service api
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4193
diff changeset
325 def destroy_session(self, request, session):
2d8a9f98382b Added 'destroy_session' to session service api
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4193
diff changeset
326 session.clear()
4531
83666cc9dc31 new cfg.session_dir setting, store sessions into cache_dir/__session__ by default
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4530
diff changeset
327 store = self._store_get(request)
83666cc9dc31 new cfg.session_dir setting, store sessions into cache_dir/__session__ by default
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4530
diff changeset
328 store.delete(session)
4195
2d8a9f98382b Added 'destroy_session' to session service api
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4193
diff changeset
329
4188
a2709307da3d New (sample) session service
Florian Krupicka <florian.krupicka@googlemail.com>
parents:
diff changeset
330 def finalize(self, request, session):
4530
0ac99fdbe65d fixed suid functionality, compute cfg.auth_methods only once
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4529
diff changeset
331 if request.user.auth_method == 'setuid':
0ac99fdbe65d fixed suid functionality, compute cfg.auth_methods only once
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4529
diff changeset
332 userobj = request._setuid_real_user
0ac99fdbe65d fixed suid functionality, compute cfg.auth_methods only once
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4529
diff changeset
333 setuid = request.user.id
0ac99fdbe65d fixed suid functionality, compute cfg.auth_methods only once
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4529
diff changeset
334 else:
0ac99fdbe65d fixed suid functionality, compute cfg.auth_methods only once
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4529
diff changeset
335 userobj = request.user
0ac99fdbe65d fixed suid functionality, compute cfg.auth_methods only once
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4529
diff changeset
336 setuid = None
0ac99fdbe65d fixed suid functionality, compute cfg.auth_methods only once
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4529
diff changeset
337 logging.debug("finalize userobj = %r, setuid = %r" % (userobj, setuid))
4193
1e954e802ed2 Start to make auth work again with the new session layer
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4190
diff changeset
338
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
339 cfg = request.cfg
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
340 # we use different cookie names for different wikis:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
341 cookie_name = get_cookie_name(request, name=cfg.cookie_name, usage=self.cookie_usage)
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
342 # we always use path='/' except if explicitly overridden by configuration,
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
343 # which is usually not needed and not recommended:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
344 cookie_path = cfg.cookie_path or '/'
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
345 # a secure cookie is not transmitted over unsecure connections:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
346 cookie_secure = (cfg.cookie_secure or # True means: force secure cookies
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
347 cfg.cookie_secure is None and request.is_secure) # None means: https -> secure cookie
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
348
4705
5ee532645444 web.session: bug fix for MoinMoinBugs/1.9_remember_me_broken.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4704
diff changeset
349 cookie_lifetime = _get_session_lifetime(request, userobj)
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
350 # we use 60s granularity, so we don't trigger session storage updates too often
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
351 cookie_expires = int(time.time() / 60) * 60 + cookie_lifetime
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
352 # when transiting logged-in -> logged out we want to kill the session
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
353 # to protect privacy (do not show trail, even if anon sessions are on)
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
354 kill_session = not userobj.valid and 'user.id' in session
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
355 if kill_session:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
356 logging.debug("logout detected, will kill session")
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
357 if cookie_lifetime and not kill_session:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
358 logging.debug("setting session cookie: %r" % (session.sid, ))
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
359 request.set_cookie(cookie_name, session.sid,
4704
621d9dcc6b00 web.session: bug fix for MoinMoinBugs/1.9_session_lifetime_for_user. We do refresh the session cookie now on each request.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4637
diff changeset
360 max_age=cookie_lifetime, expires=cookie_expires,
5408
4226fde63931 generate session cookie names to fix some issues (details see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5371
diff changeset
361 path=cookie_path, domain=cfg.cookie_domain,
4704
621d9dcc6b00 web.session: bug fix for MoinMoinBugs/1.9_session_lifetime_for_user. We do refresh the session cookie now on each request.
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 4637
diff changeset
362 secure=cookie_secure, httponly=cfg.cookie_httponly)
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
363 elif not session.new:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
364 # we still got a cookie, but we don't want it. kill it.
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
365 logging.debug("deleting session cookie!")
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
366 request.delete_cookie(cookie_name, path=cookie_path, domain=cfg.cookie_domain)
4278
7a6d93a96a98 Fixed: wrong cookie path made session restricted to login-action-path
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4232
diff changeset
367
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
368 def update_session(key, val):
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
369 """ put key/val into session, avoid writing if it is unchanged """
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
370 try:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
371 current_val = session[key]
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
372 except KeyError:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
373 session[key] = val
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
374 else:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
375 if val != current_val:
5577
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
376 session[key] = val
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
377
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
378 if not session.new:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
379 # add some info about expiry to the sessions, so we can purge them.
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
380 # also, make sure we notice server-side if a session is expired, do
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
381 # not rely on the client to expire the cookie.
5576
6b94d284ad11 avoid writing key/value to session dict if value doesn't change
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5575
diff changeset
382 update_session('expires', cookie_expires)
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
383
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
384 if cookie_lifetime and not kill_session:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
385 # we have set the cookie, now update the session store
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
386
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
387 if userobj.valid:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
388 # we have a logged-in user
5577
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
389 update_session('user.id', userobj.id)
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
390 update_session('user.auth_method', userobj.auth_method)
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
391 update_session('user.auth_attribs', userobj.auth_attribs)
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
392 if setuid:
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
393 update_session('setuid', setuid)
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
394 elif 'setuid' in session:
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
395 del session['setuid']
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
396 logging.debug("storing valid user into session: %r" % userobj.name)
5577
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
397 else:
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
398 # no logged-in user (not logged in or just has logged out)
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
399 for key in ['user.id', 'user.auth_method', 'user.auth_attribs',
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
400 'setuid', ]:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
401 if key in session:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
402 del session[key]
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
403 logging.debug("no valid user, cleaned user info from session")
5576
6b94d284ad11 avoid writing key/value to session dict if value doesn't change
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5575
diff changeset
404
5447
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
405 if ((not userobj.valid and not session.new # anon users with a cookie (not first request)
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
406 or
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
407 userobj.valid) # logged-in users, even if THIS was the first request (no cookie yet)
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
408 # XXX if UA doesn't support cookies, this creates 1 session file per request
fed925dfdc0d improve moin's session handling / fix werkzeug by subclassing (see below)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5433
diff changeset
409 and
5577
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
410 session.should_save # only if we really have something (modified) to save
092ce221f03a session finalize: refactor, don't save cleared session on logout
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5576
diff changeset
411 ):
4637
ff5be6bb7a49 only save session data if we also have a cookie establishing a session
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4629
diff changeset
412 store = self._store_get(request)
ff5be6bb7a49 only save session data if we also have a cookie establishing a session
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4629
diff changeset
413 logging.debug("saving session: %r" % session)
ff5be6bb7a49 only save session data if we also have a cookie establishing a session
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4629
diff changeset
414 store.save(session)
5579
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
415 elif not session.new:
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
416 # we killed the cookie (see above), so we can kill the session store, too
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
417 logging.debug("destroying session: %r" % session)
e535351eab08 sessions: fix not being able to log out if anon sessions disabled, check expiry
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5577
diff changeset
418 self.destroy_session(request, session)
4529
002c21b10561 fix / finish xmlrpc auth token (session) code
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4317
diff changeset
419