changeset 4704:621d9dcc6b00

web.session: bug fix for MoinMoinBugs/1.9_session_lifetime_for_user. We do refresh the session cookie now on each request.
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Thu, 23 Apr 2009 00:01:15 +0200
parents 621c708ecddb
children 5ee532645444
files MoinMoin/web/session.py
diffstat 1 files changed, 9 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/web/session.py	Mon Apr 20 20:32:49 2009 +0200
+++ b/MoinMoin/web/session.py	Thu Apr 23 00:01:15 2009 +0200
@@ -112,16 +112,15 @@
         lifetime_h = cfg.cookie_lifetime[userobj and userobj.valid]
         cookie_lifetime = int(float(lifetime_h) * 3600)
         if cookie_lifetime:
-            if session.new:
-                cookie_expires = time.time() + cookie_lifetime
-                # a secure cookie is not transmitted over unsecure connections:
-                cookie_secure = (cfg.cookie_secure or  # True means: force secure cookies
-                    cfg.cookie_secure is None and request.is_secure)  # None means: https -> secure cookie
-                logging.debug("user: %r, setting session cookie: %r" % (userobj, session.sid))
-                request.set_cookie(self.cookie_name, session.sid,
-                                   max_age=cookie_lifetime, expires=cookie_expires,
-                                   path=cookie_path, domain=cfg.cookie_domain,
-                                   secure=cookie_secure, httponly=cfg.cookie_httponly)
+            cookie_expires = time.time() + cookie_lifetime
+            # a secure cookie is not transmitted over unsecure connections:
+            cookie_secure = (cfg.cookie_secure or  # True means: force secure cookies
+                             cfg.cookie_secure is None and request.is_secure)  # None means: https -> secure cookie
+            logging.debug("user: %r, setting session cookie: %r" % (userobj, session.sid))
+            request.set_cookie(self.cookie_name, session.sid,
+                               max_age=cookie_lifetime, expires=cookie_expires,
+                                path=cookie_path, domain=cfg.cookie_domain,
+                               secure=cookie_secure, httponly=cfg.cookie_httponly)
 
             if session.should_save:
                 store = self._store_get(request)