changeset 4637:ff5be6bb7a49

only save session data if we also have a cookie establishing a session
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 08 Mar 2009 13:33:04 +0100
parents 83483f4e26cb
children 7bc4d1571f8f
files MoinMoin/web/session.py
diffstat 1 files changed, 8 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/web/session.py	Sat Mar 07 22:38:00 2009 +0100
+++ b/MoinMoin/web/session.py	Sun Mar 08 13:33:04 2009 +0100
@@ -109,10 +109,10 @@
                 logging.debug("after auth: deleting session cookie!")
                 request.delete_cookie(self.cookie_name, path=cookie_path, domain=cfg.cookie_domain)
 
-        if session.new:
-            lifetime_h = cfg.cookie_lifetime[userobj and userobj.valid]
-            cookie_lifetime = int(float(lifetime_h) * 3600)
-            if cookie_lifetime:
+        lifetime_h = cfg.cookie_lifetime[userobj and userobj.valid]
+        cookie_lifetime = int(float(lifetime_h) * 3600)
+        if cookie_lifetime:
+            if session.new:
                 cookie_expires = time.time() + cookie_lifetime
                 # a secure cookie is not transmitted over unsecure connections:
                 cookie_secure = (cfg.cookie_secure or  # True means: force secure cookies
@@ -123,8 +123,8 @@
                                    path=cookie_path, domain=cfg.cookie_domain,
                                    secure=cookie_secure, httponly=cfg.cookie_httponly)
 
-        if session.should_save:
-            store = self._store_get(request)
-            logging.debug("saving session: %r" % session)
-            store.save(session)
+            if session.should_save:
+                store = self._store_get(request)
+                logging.debug("saving session: %r" % session)
+                store.save(session)