125         try:

   125         try:

   126             user = self.authmanager.validate_session(req, session)

   126             user = self.authmanager.validate_session(req, session)

   127         except InvalidSession:

   127         except InvalidSession:

   128             self.close_session(session)

   128             self.close_session(session)

   129             raise

   129             raise

   133         return session

   130         return session

   134 

   131 

   135     def open_session(self, req):

   132     def open_session(self, req):

   136         """open and return a new session for the given request. The session is

   133         """open and return a new session for the given request. The session is

   137         also bound to the request.

   134         also bound to the request.

   174         """close session on logout or on invalid session detected (expired out,

   171         """close session on logout or on invalid session detected (expired out,

   175         corrupted...)

   172         corrupted...)

   176         """

   173         """

   177         self.info('closing http session %s' % session.sessionid)

   174         self.info('closing http session %s' % session.sessionid)

   178         self._sessions.pop(session.sessionid, None)

   175         self._sessions.pop(session.sessionid, None)