changeset 4278:7a6d93a96a98

Fixed: wrong cookie path made session restricted to login-action-path
author Florian Krupicka <florian.krupicka@googlemail.com>
date Thu, 07 Aug 2008 20:39:57 +0200
parents c9240417af81
children d5aa1ac55789
files MoinMoin/web/session.py
diffstat 1 files changed, 8 insertions(+), 6 deletions(-) [+]
--- a/MoinMoin/web/session.py	Thu Aug 07 00:17:54 2008 +0200
+++ b/MoinMoin/web/session.py	Thu Aug 07 20:39:57 2008 +0200
@@ -64,7 +64,6 @@
     def destroy_session(self, request, session):
         session.clear()
         self.store.delete(session)
-        session.modified = session.new = False
 
     def finalize(self, request, session):
         userobj = request.user
@@ -79,14 +78,17 @@
             if 'user.id' in session:
                 self.destroy_session(request, session)
 
-        if session.should_save:
-            self.store.save(session)
-
         if session.new:
             cookie_lifetime = request.cfg.cookie_lifetime * 3600
             cookie_expires = time.time() + cookie_lifetime
+            if request.cfg.cookie_path:
+                cookie_path = request.cfg.cookie_path
+            else:
+                cookie_path = request.script_root or '/'
             cookie = dump_cookie(self.cookie_name, session.sid,
                                  cookie_lifetime, cookie_expires,
-                                 request.cfg.cookie_domain,
-                                 request.cfg.cookie_path)
+                                 cookie_path, request.cfg.cookie_domain)
             request.headers.add('Set-Cookie', cookie)
+
+        if session.should_save:
+            self.store.save(session)
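Review bot: The `dump_cookie(...)` call still passes max-age, expires, path and domain positionally, which is the ordering mistake this commit corrects (path and domain were swapped). Naming them would keep it from recurring: `cookie = dump_cookie(self.cookie_name, session.sid, max_age=cookie_lifetime, expires=cookie_expires, path=cookie_path, domain=request.cfg.cookie_domain)`; these keyword names assume this is Werkzeug's `dump_cookie`, so confirm against the import, which is outside the hunk. The session-id cookie is also emitted without `httponly` or `secure`, so if the helper supports them, at least `httponly=True` belongs here. Separately, with the flag reset removed from `destroy_session`, a session destroyed a few lines above may still reach `if session.new` and the relocated `self.store.save(session)`, depending on how `session.clear()` affects `new` and `should_save`; a comment or test pinning the intended behaviour would help. Part of `finalize` lies between the two hunks and is not visible here.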