diff -r b5f15098f282 -r d56fd78006cd web/application.py --- a/web/application.py Mon Jul 26 12:07:00 2010 +0200 +++ b/web/application.py Mon Jul 26 12:08:24 2010 +0200 @@ -31,7 +31,7 @@ from cubicweb import set_log_methods, cwvreg from cubicweb import ( ValidationError, Unauthorized, AuthenticationError, NoSelectableObject, - RepositoryError, CW_EVENT_MANAGER) + RepositoryError, BadConnectionId, CW_EVENT_MANAGER) from cubicweb.dbapi import DBAPISession from cubicweb.web import LOGGER, component from cubicweb.web import ( @@ -48,48 +48,43 @@ def __init__(self, vreg): self.session_time = vreg.config['http-session-time'] or None - if self.session_time is not None: - assert self.session_time > 0 - self.cleanup_session_time = self.session_time - else: - self.cleanup_session_time = vreg.config['cleanup-session-time'] or 1440 * 60 - assert self.cleanup_session_time > 0 - self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60 - assert self.cleanup_anon_session_time > 0 self.authmanager = vreg['components'].select('authmanager', vreg=vreg) + interval = (self.session_time or 0) / 2. if vreg.config.anonymous_user() is not None: - self.clean_sessions_interval = max( - 5 * 60, min(self.cleanup_session_time / 2., - self.cleanup_anon_session_time / 2.)) - else: - self.clean_sessions_interval = max( - 5 * 60, - self.cleanup_session_time / 2.) + self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60 + assert self.cleanup_anon_session_time > 0 + if self.session_time is not None: + self.cleanup_anon_session_time = min(self.session_time, + self.cleanup_anon_session_time) + interval = self.cleanup_anon_session_time / 2. + # we don't want to check session more than once every 5 minutes + self.clean_sessions_interval = max(5 * 60, interval) def clean_sessions(self): """cleanup sessions which has not been unused since a given amount of time. Return the number of sessions which have been closed. """ self.debug('cleaning http sessions') + session_time = self.session_time closed, total = 0, 0 for session in self.current_sessions(): - no_use_time = (time() - session.last_usage_time) total += 1 - if session.anonymous_session: - if no_use_time >= self.cleanup_anon_session_time: + try: + last_usage_time = session.cnx.check() + except BadConnectionId: + self.close_session(session) + closed += 1 + else: + no_use_time = (time() - last_usage_time) + if session.anonymous_session: + if no_use_time >= self.cleanup_anon_session_time: + self.close_session(session) + closed += 1 + elif session_time is not None and no_use_time >= session_time: self.close_session(session) closed += 1 - elif no_use_time >= self.cleanup_session_time: - self.close_session(session) - closed += 1 return closed, total - closed - def has_expired(self, session): - """return True if the web session associated to the session is expired - """ - return not (self.session_time is None or - time() < session.last_usage_time + self.session_time) - def current_sessions(self): """return currently open sessions""" raise NotImplementedError() @@ -213,8 +208,6 @@ except AuthenticationError: req.remove_cookie(cookie, self.SESSION_VAR) raise - # remember last usage time for web session tracking - session.last_usage_time = time() def get_session(self, req, sessionid): return self.session_manager.get_session(req, sessionid) @@ -224,8 +217,6 @@ cookie = req.get_cookie() cookie[self.SESSION_VAR] = session.sessionid req.set_cookie(cookie, self.SESSION_VAR, maxage=None) - # remember last usage time for web session tracking - session.last_usage_time = time() if not session.anonymous_session: self._postlogin(req) return session