# HG changeset patch # User Pierre-Yves David # Date 1371141999 -7200 # Node ID 9deb024a96c07f4835087c542a667ee076ab47b6 # Parent aa709bc6b6c14f21dc9e2763c5f9fb7505da9fd5 [session-handler] use session directly to update last usage We don't really need the WebRequest for that. Not using the WebRequest to access the cubicweb repository here will allow a delayed set_session. Related to #2503918 diff -r aa709bc6b6c1 -r 9deb024a96c0 doc/4.0.rst --- a/doc/4.0.rst Thu Jun 13 18:50:19 2013 +0200 +++ b/doc/4.0.rst Thu Jun 13 18:46:39 2013 +0200 @@ -1,6 +1,14 @@ What's new in CubicWeb 4.0? ============================ +API changes +----------- + +* ``RepositorySessionManager.postlogin`` is now called with two arguments, + request and session. And this now happens before the session is linked to the + request. + + Deprecated Code Drops ---------------------- diff -r aa709bc6b6c1 -r 9deb024a96c0 web/application.py --- a/web/application.py Thu Jun 13 18:50:19 2013 +0200 +++ b/web/application.py Thu Jun 13 18:46:39 2013 +0200 @@ -228,7 +228,7 @@ req.set_cookie(sessioncookie, session.sessionid, maxage=None, secure=secure) if not session.anonymous_session: - self.session_manager.postlogin(req) + self.session_manager.postlogin(req, session) return session def logout(self, req, goto_url): diff -r aa709bc6b6c1 -r 9deb024a96c0 web/views/sessions.py --- a/web/views/sessions.py Thu Jun 13 18:50:19 2013 +0200 +++ b/web/views/sessions.py Thu Jun 13 18:46:39 2013 +0200 @@ -78,29 +78,33 @@ req.set_session(session) return session - def postlogin(self, req): - """postlogin: the user has been authenticated, redirect to the original - page (index by default) with a welcome message + def postlogin(self, req, session): + """postlogin: the user have been related to a session + + Both req and session are passed to this function because actually + linking the request to the session is not yet done and not the + responsability of this object. """ # Update last connection date # XXX: this should be in a post login hook in the repository, but there # we can't differentiate actual login of automatic session # reopening. Is it actually a problem? if 'last_login_time' in req.vreg.schema: - self._update_last_login_time(req) - req.set_message(req._('welcome %s !') % req.user.login) + self._update_last_login_time(session) + req.set_message(req._('welcome %s !') % session.cnx.user().login) - def _update_last_login_time(self, req): + def _update_last_login_time(self, session): # XXX should properly detect missing permission / non writeable source # and avoid "except (RepositoryError, Unauthorized)" below try: - req.execute('SET X last_login_time NOW WHERE X eid %(x)s', - {'x' : req.user.eid}) - req.cnx.commit() + cu = session.cnx.cursor() + cu.execute('SET X last_login_time NOW WHERE X eid %(x)s', + {'x' : session.cnx.user().eid}) + session.cnx.commit() except (RepositoryError, Unauthorized): - req.cnx.rollback() + session.cnx.rollback() except Exception: - req.cnx.rollback() + session.cnx.rollback() raise def close_session(self, session):