# HG changeset patch # User Aurelien Campeas # Date 1392305561 -3600 # Node ID 0c678b63d017532891aad427b4cccb5a7c8666d3 # Parent 1691be295517729f6cf7d2ca8d2f1d77c81b6809 [web] move abstract session manager to web/sessions Related to #1381328. diff -r 1691be295517 -r 0c678b63d017 web/application.py --- a/web/application.py Wed Jun 11 18:24:40 2014 +0200 +++ b/web/application.py Thu Feb 13 16:32:41 2014 +0100 @@ -60,66 +60,6 @@ finally: req.set_cnx(orig_cnx) -class AbstractSessionManager(component.Component): - """manage session data associated to a session identifier""" - __regid__ = 'sessionmanager' - - def __init__(self, repo): - vreg = repo.vreg - self.session_time = vreg.config['http-session-time'] or None - self.authmanager = vreg['components'].select('authmanager', repo=repo) - interval = (self.session_time or 0) / 2. - if vreg.config.anonymous_user()[0] is not None: - self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60 - assert self.cleanup_anon_session_time > 0 - if self.session_time is not None: - self.cleanup_anon_session_time = min(self.session_time, - self.cleanup_anon_session_time) - interval = self.cleanup_anon_session_time / 2. - # we don't want to check session more than once every 5 minutes - self.clean_sessions_interval = max(5 * 60, interval) - - def clean_sessions(self): - """cleanup sessions which has not been unused since a given amount of - time. Return the number of sessions which have been closed. - """ - self.debug('cleaning http sessions') - session_time = self.session_time - closed, total = 0, 0 - for session in self.current_sessions(): - total += 1 - last_usage_time = session.mtime - no_use_time = (time() - last_usage_time) - if session.anonymous_session: - if no_use_time >= self.cleanup_anon_session_time: - self.close_session(session) - closed += 1 - elif session_time is not None and no_use_time >= session_time: - self.close_session(session) - closed += 1 - return closed, total - closed - - def current_sessions(self): - """return currently open sessions""" - raise NotImplementedError() - - def get_session(self, req, sessionid): - """return existing session for the given session identifier""" - raise NotImplementedError() - - def open_session(self, req): - """open and return a new session for the given request. - - raise :exc:`cubicweb.AuthenticationError` if authentication failed - (no authentication info found or wrong user/password) - """ - raise NotImplementedError() - - def close_session(self, session): - """close session on logout or on invalid session detected (expired out, - corrupted...) - """ - raise NotImplementedError() class AbstractAuthenticationManager(component.Component): diff -r 1691be295517 -r 0c678b63d017 web/views/sessions.py --- a/web/views/sessions.py Wed Jun 11 18:24:40 2014 +0200 +++ b/web/views/sessions.py Thu Feb 13 16:32:41 2014 +0100 @@ -15,18 +15,83 @@ # # You should have received a copy of the GNU Lesser General Public License along # with CubicWeb. If not, see . -"""web session component: by dfault the session is actually the db connection -object :/ -""" - +"""web session: by default the session is actually the db connection """ __docformat__ = "restructuredtext en" from time import time -from cubicweb import (RepositoryError, Unauthorized, AuthenticationError, - BadConnectionId) -from cubicweb.web import InvalidSession, Redirect -from cubicweb.web.application import AbstractSessionManager +from cubicweb import RepositoryError, Unauthorized, BadConnectionId +from cubicweb.web import InvalidSession, component + + +class AbstractSessionManager(component.Component): + """manage session data associated to a session identifier""" + __abstract__ = True + __regid__ = 'sessionmanager' + + def __init__(self, repo): + vreg = repo.vreg + self.session_time = vreg.config['http-session-time'] or None + self.authmanager = vreg['components'].select('authmanager', repo=repo) + interval = (self.session_time or 0) / 2. + if vreg.config.anonymous_user()[0] is not None: + self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60 + assert self.cleanup_anon_session_time > 0 + if self.session_time is not None: + self.cleanup_anon_session_time = min(self.session_time, + self.cleanup_anon_session_time) + interval = self.cleanup_anon_session_time / 2. + # we don't want to check session more than once every 5 minutes + self.clean_sessions_interval = max(5 * 60, interval) + + def clean_sessions(self): + """cleanup sessions which has not been unused since a given amount of + time. Return the number of sessions which have been closed. + """ + self.debug('cleaning http sessions') + session_time = self.session_time + closed, total = 0, 0 + for session in self.current_sessions(): + total += 1 + try: + last_usage_time = session.cnx.check() + except AttributeError: + last_usage_time = session.mtime + except BadConnectionId: + self.close_session(session) + closed += 1 + else: + no_use_time = (time() - last_usage_time) + if session.anonymous_session: + if no_use_time >= self.cleanup_anon_session_time: + self.close_session(session) + closed += 1 + elif session_time is not None and no_use_time >= session_time: + self.close_session(session) + closed += 1 + return closed, total - closed + + def current_sessions(self): + """return currently open sessions""" + raise NotImplementedError() + + def get_session(self, req, sessionid): + """return existing session for the given session identifier""" + raise NotImplementedError() + + def open_session(self, req): + """open and return a new session for the given request. + + raise :exc:`cubicweb.AuthenticationError` if authentication failed + (no authentication info found or wrong user/password) + """ + raise NotImplementedError() + + def close_session(self, session): + """close session on logout or on invalid session detected (expired out, + corrupted...) + """ + raise NotImplementedError() class InMemoryRepositorySessionManager(AbstractSessionManager):