|
1 """web session component: by dfault the session is actually the db connection |
|
2 object :/ |
|
3 |
|
4 :organization: Logilab |
|
5 :copyright: 2001-2008 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
|
6 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
|
7 """ |
|
8 __docformat__ = "restructuredtext en" |
|
9 |
|
10 from cubicweb.web import ExplicitLogin, InvalidSession |
|
11 from cubicweb.web.application import AbstractSessionManager |
|
12 |
|
13 |
|
14 class InMemoryRepositorySessionManager(AbstractSessionManager): |
|
15 """manage session data associated to a session identifier""" |
|
16 |
|
17 def __init__(self): |
|
18 AbstractSessionManager.__init__(self) |
|
19 # XXX require a RepositoryAuthenticationManager which violates |
|
20 # authenticate interface by returning a session instead of a user |
|
21 #assert isinstance(self.authmanager, RepositoryAuthenticationManager) |
|
22 self._sessions = {} |
|
23 |
|
24 def current_sessions(self): |
|
25 return self._sessions.values() |
|
26 |
|
27 def get_session(self, req, sessionid): |
|
28 """return existing session for the given session identifier""" |
|
29 if not sessionid in self._sessions: |
|
30 raise InvalidSession() |
|
31 session = self._sessions[sessionid] |
|
32 if self.has_expired(session): |
|
33 self.close_session(session) |
|
34 raise InvalidSession() |
|
35 # give an opportunity to auth manager to hijack the session |
|
36 # (necessary with the RepositoryAuthenticationManager in case |
|
37 # the connection to the repository has expired) |
|
38 try: |
|
39 session = self.authmanager.validate_session(req, session) |
|
40 # necessary in case session has been hijacked |
|
41 self._sessions[session.sessionid] = session |
|
42 except InvalidSession: |
|
43 # invalid session |
|
44 del self._sessions[sessionid] |
|
45 raise |
|
46 return session |
|
47 |
|
48 def open_session(self, req): |
|
49 """open and return a new session for the given request |
|
50 |
|
51 :raise ExplicitLogin: if authentication is required |
|
52 """ |
|
53 session = self.authmanager.authenticate(req) |
|
54 self._sessions[session.sessionid] = session |
|
55 return session |
|
56 |
|
57 def close_session(self, session): |
|
58 """close session on logout or on invalid session detected (expired out, |
|
59 corrupted...) |
|
60 """ |
|
61 self.info('closing http session %s' % session) |
|
62 del self._sessions[session.sessionid] |
|
63 try: |
|
64 session.close() |
|
65 except: |
|
66 # already closed, may occurs if the repository session expired but |
|
67 # not the web session |
|
68 pass |
|
69 |