138 """ |
138 """ |
139 raise NotImplementedError() |
139 raise NotImplementedError() |
140 |
140 |
141 |
141 |
142 class CookieSessionHandler(object): |
142 class CookieSessionHandler(object): |
143 """a session handler using a cookie to store the session identifier |
143 """a session handler using a cookie to store the session identifier""" |
144 |
|
145 :cvar SESSION_VAR: |
|
146 string giving the name of the variable used to store the session |
|
147 identifier |
|
148 """ |
|
149 SESSION_VAR = '__session' |
|
150 |
144 |
151 def __init__(self, appli): |
145 def __init__(self, appli): |
152 self.vreg = appli.vreg |
146 self.vreg = appli.vreg |
153 self.session_manager = self.vreg['components'].select('sessionmanager', |
147 self.session_manager = self.vreg['components'].select('sessionmanager', |
154 vreg=self.vreg) |
148 vreg=self.vreg) |
178 """cleanup sessions which has not been unused since a given amount of |
172 """cleanup sessions which has not been unused since a given amount of |
179 time |
173 time |
180 """ |
174 """ |
181 self.session_manager.clean_sessions() |
175 self.session_manager.clean_sessions() |
182 |
176 |
|
177 def session_cookie(self, req): |
|
178 """return a string giving the name of the cookie used to store the |
|
179 session identifier. |
|
180 """ |
|
181 if req.https: |
|
182 return '__%s_https_session' % self.vreg.config.appid |
|
183 return '__%s_session' % self.vreg.config.appid |
|
184 |
183 def set_session(self, req): |
185 def set_session(self, req): |
184 """associate a session to the request |
186 """associate a session to the request |
185 |
187 |
186 Session id is searched from : |
188 Session id is searched from : |
187 - # form variable |
189 - # form variable |
191 or request authentification as needed |
193 or request authentification as needed |
192 |
194 |
193 :raise Redirect: if authentication has occurred and succeed |
195 :raise Redirect: if authentication has occurred and succeed |
194 """ |
196 """ |
195 cookie = req.get_cookie() |
197 cookie = req.get_cookie() |
196 try: |
198 sessioncookie = self.session_cookie(req) |
197 sessionid = str(cookie[self.SESSION_VAR].value) |
199 try: |
|
200 sessionid = str(cookie[sessioncookie].value) |
198 except KeyError: # no session cookie |
201 except KeyError: # no session cookie |
199 session = self.open_session(req) |
202 session = self.open_session(req) |
200 else: |
203 else: |
201 try: |
204 try: |
202 session = self.get_session(req, sessionid) |
205 session = self.get_session(req, sessionid) |
204 # try to open a new session, so we get an anonymous session if |
207 # try to open a new session, so we get an anonymous session if |
205 # allowed |
208 # allowed |
206 try: |
209 try: |
207 session = self.open_session(req) |
210 session = self.open_session(req) |
208 except AuthenticationError: |
211 except AuthenticationError: |
209 req.remove_cookie(cookie, self.SESSION_VAR) |
212 req.remove_cookie(cookie, sessioncookie) |
210 raise |
213 raise |
211 |
214 |
212 def get_session(self, req, sessionid): |
215 def get_session(self, req, sessionid): |
213 return self.session_manager.get_session(req, sessionid) |
216 return self.session_manager.get_session(req, sessionid) |
214 |
217 |
215 def open_session(self, req): |
218 def open_session(self, req): |
216 session = self.session_manager.open_session(req) |
219 session = self.session_manager.open_session(req) |
217 cookie = req.get_cookie() |
220 cookie = req.get_cookie() |
218 cookie[self.SESSION_VAR] = session.sessionid |
221 sessioncookie = self.session_cookie(req) |
|
222 cookie[sessioncookie] = session.sessionid |
219 if req.https and req.base_url().startswith('https://'): |
223 if req.https and req.base_url().startswith('https://'): |
220 cookie[self.SESSION_VAR]['secure'] = True |
224 cookie[sessioncookie]['secure'] = True |
221 req.set_cookie(cookie, self.SESSION_VAR, maxage=None) |
225 req.set_cookie(cookie, sessioncookie, maxage=None) |
222 if not session.anonymous_session: |
226 if not session.anonymous_session: |
223 self._postlogin(req) |
227 self._postlogin(req) |
224 return session |
228 return session |
225 |
229 |
226 def _update_last_login_time(self, req): |
230 def _update_last_login_time(self, req): |
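Review bot: In open_session the new per-scheme session cookie is written with only the `secure` attribute, and even that only when both `req.https` and `req.base_url()` are https; nothing marks it HttpOnly, so the session identifier stays readable from page script if the Cookie implementation in use supports that attribute (it is not visible here). Adding `cookie[sessioncookie]['httponly'] = True` beside the `secure` assignment would close that, assuming the project's cookie class accepts the key — worth confirming against the Python version the project targets. When `req.https` is true but the base URL is not https, the `__<appid>_https_session` cookie is issued without `secure` and will travel on plain-HTTP requests to the same host, which undoes the point of the separate name; either tie the `secure` flag to `req.https` alone or at least log the mismatch so it is not silent. The `except` clause between get_session and the `# try to open a new session` fallback is not shown in this chunk, so I cannot tell which failures of get_session trigger the fallback.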
263 def logout(self, req, goto_url): |
267 def logout(self, req, goto_url): |
264 """logout from the instance by cleaning the session and raising |
268 """logout from the instance by cleaning the session and raising |
265 `AuthenticationError` |
269 `AuthenticationError` |
266 """ |
270 """ |
267 self.session_manager.close_session(req.session) |
271 self.session_manager.close_session(req.session) |
268 req.remove_cookie(req.get_cookie(), self.SESSION_VAR) |
272 sessioncookie = self.session_cookie(req) |
|
273 req.remove_cookie(req.get_cookie(), sessioncookie) |
269 raise LogOut(url=goto_url) |
274 raise LogOut(url=goto_url) |
270 |
275 |
271 |
276 |
272 class CubicWebPublisher(object): |
277 class CubicWebPublisher(object): |
273 """the publisher is a singleton hold by the web frontend, and is responsible |
278 """the publisher is a singleton hold by the web frontend, and is responsible |