diff -r 000000000000 -r b97547f5f1fa web/views/sessions.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/web/views/sessions.py	Wed Nov 05 15:52:50 2008 +0100
@@ -0,0 +1,69 @@
+"""web session component: by dfault the session is actually the db connection
+object :/
+
+:organization: Logilab
+:copyright: 2001-2008 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr
+"""
+__docformat__ = "restructuredtext en"
+
+from cubicweb.web import ExplicitLogin, InvalidSession
+from cubicweb.web.application import AbstractSessionManager
+
+
+class InMemoryRepositorySessionManager(AbstractSessionManager):
+    """manage session data associated to a session identifier"""
+    
+    def __init__(self):
+        AbstractSessionManager.__init__(self)
+        # XXX require a RepositoryAuthenticationManager which violates
+        #     authenticate interface by returning a session instead of a user
+        #assert isinstance(self.authmanager, RepositoryAuthenticationManager)
+        self._sessions = {}
+
+    def current_sessions(self):
+        return self._sessions.values()
+    
+    def get_session(self, req, sessionid):
+        """return existing session for the given session identifier"""
+        if not sessionid in self._sessions:
+            raise InvalidSession()
+        session = self._sessions[sessionid]
+        if self.has_expired(session):
+            self.close_session(session)
+            raise InvalidSession()
+        # give an opportunity to auth manager to hijack the session
+        # (necessary with the RepositoryAuthenticationManager in case
+        #  the connection to the repository has expired)
+        try:
+            session = self.authmanager.validate_session(req, session)
+            # necessary in case session has been hijacked
+            self._sessions[session.sessionid] = session
+        except InvalidSession:
+            # invalid session
+            del self._sessions[sessionid]
+            raise
+        return session
+
+    def open_session(self, req):
+        """open and return a new session for the given request
+        
+        :raise ExplicitLogin: if authentication is required
+        """
+        session = self.authmanager.authenticate(req)
+        self._sessions[session.sessionid] = session
+        return session
+    
+    def close_session(self, session):
+        """close session on logout or on invalid session detected (expired out,
+        corrupted...)
+        """
+        self.info('closing http session %s' % session)
+        del self._sessions[session.sessionid]
+        try:
+            session.close()
+        except:
+            # already closed, may occurs if the repository session expired but
+            # not the web session
+            pass
+