improvements to session management

Author: Richard Jones

CHANGES.txt

@@ -17,6 +17,7 @@ Fixed:
 - Add filter() to XML-RPC interface (sf patch #1966456)
 - Fix indexerror when there are no messages to an issue (sf patch #1894249)
 - Prevent broken pipe errors in csv export (sf patch #1911449)
+- Session API and cleanup thanks anatoly t.
 
 
 2008-03-01 1.4.4

doc/index.txt

@@ -170,6 +170,7 @@ Nathaniel Smith,
 Leonardo Soto,
 Maciej Starzyk,
 Mitchell Surface,
+Anatoly T.,
 Jon C. Thomason
 Mike Thompson,
 Michael Twomey,

roundup/backends/sessions_dbm.py

@@ -1,4 +1,4 @@
-#$Id: sessions_dbm.py,v 1.9 2007-09-27 06:18:53 jpend Exp $
+#$Id: sessions_dbm.py,v 1.10 2008-08-18 05:04:01 richard Exp $
 """This module defines a very basic store that's used by the CGI interface
 to store session and one-time-key information.
 
@@ -139,15 +139,15 @@ def updateTimestamp(self, sessid):
         if sess is None or now > sess + 60:
             self.set(sessid, __timestamp=now)
 
-    def clean(self, now):
-        """Age sessions, remove when they haven't been used for a week.
-        """
+    def clean(self):
+        ''' Remove session records that haven't been used for a week. '''
+        now = time.time()
         week = 60*60*24*7
         for sessid in self.list():
             sess = self.get(sessid, '__timestamp', None)
             if sess is None:
-                sess=time.time()
                 self.updateTimestamp(sessid)
+                continue
             interval = now - sess
             if interval > week:
                 self.destroy(sessid)

roundup/backends/sessions_rdbms.py

@@ -1,4 +1,4 @@
-#$Id: sessions_rdbms.py,v 1.7 2007-09-25 19:49:19 jpend Exp $
+#$Id: sessions_rdbms.py,v 1.8 2008-08-18 05:04:01 richard Exp $
 """This module defines a very basic store that's used by the CGI interface
 to store session and one-time-key information.
 
@@ -84,10 +84,11 @@ def updateTimestamp(self, infoid):
             self.name, self.db.arg, self.name, self.db.arg),
             (now, infoid, now-60))
 
-    def clean(self, now):
-        """Age sessions, remove when they haven't been used for a week.
-        """
-        old = now - 60*60*24*7
+    def clean(self):
+        ''' Remove session records that haven't been used for a week. '''
+        now = time.time()
+        week = 60*60*24*7
+        old = now - week
         self.cursor.execute('delete from %ss where %s_time < %s'%(self.name,
             self.name, self.db.arg), (old, ))
 

roundup/cgi/TranslationService.py

@@ -13,8 +13,8 @@
 #   translate(domain, msgid, mapping, context, target_language, default)
 #
 
-__version__ = "$Revision: 1.5 $"[11:-2]
-__date__ = "$Date: 2008-08-07 05:51:32 $"[7:-2]
+__version__ = "$Revision: 1.6 $"[11:-2]
+__date__ = "$Date: 2008-08-18 05:04:01 $"[7:-2]
 
 from roundup import i18n
 from roundup.cgi.PageTemplates import Expressions, PathIterator, TALES
@@ -38,8 +38,6 @@ def gettext(self, msgid):
         if not isinstance(msgid, unicode):
             msgid = unicode(msgid, 'utf8')
         msgtrans=self.ugettext(msgid)
-        if not isinstance(msgtrans,unicode):
-            msgtrans=unicode(msgtrans, 'utf8')
         return msgtrans.encode(self.OUTPUT_ENCODING)
 
     def ngettext(self, singular, plural, number):
@@ -48,8 +46,6 @@ def ngettext(self, singular, plural, number):
         if not isinstance(plural, unicode):
             plural = unicode(plural, 'utf8')
         msgtrans=self.ungettext(singular, plural, number)
-        if not isinstance(msgtrans,unicode):
-            msgtrans=unicode(msgtrans, 'utf8')
         return msgtrans.encode(self.OUTPUT_ENCODING)
 
 class TranslationService(TranslationServiceMixin, i18n.RoundupTranslations):

roundup/cgi/actions.py

@@ -1,6 +1,6 @@
-#$Id: actions.py,v 1.72 2008-08-07 06:33:00 richard Exp $
+#$Id: actions.py,v 1.73 2008-08-18 05:04:01 richard Exp $
 
-import re, cgi, StringIO, urllib, Cookie, time, random, csv, codecs
+import re, cgi, StringIO, urllib, time, random, csv, codecs
 
 from roundup import hyperdb, token, date, password
 from roundup.i18n import _
@@ -741,13 +741,8 @@ def finishRego(self):
         # re-open the database for real, using the user
         self.client.opendb(user)
 
-        # if we have a session, update it
-        if hasattr(self.client, 'session'):
-            self.client.db.getSessionManager().set(self.client.session,
-                user=user, last_use=time.time())
-        else:
-            # new session cookie
-            self.client.set_cookie(user, expire=None)
+        # update session data
+        self.client.session_api.set(user=user)
 
         # nice message
         message = self._('You are now registered, welcome!')
@@ -779,7 +774,7 @@ class RegisterAction(RegoCommon, EditCommon):
 
     def handle(self):
         """Attempt to create a new user based on the contents of the form
-        and then set the cookie.
+        and then remember it in session.
 
         Return 1 on successful login.
         """
@@ -876,15 +871,10 @@ def handle(self):
 
 class LogoutAction(Action):
     def handle(self):
-        """Make us really anonymous - nuke the cookie too."""
+        """Make us really anonymous - nuke the session too."""
         # log us out
         self.client.make_user_anonymous()
-
-        # construct the logout cookie
-        now = Cookie._getdate()
-        self.client.additional_headers['Set-Cookie'] = \
-           '%s=deleted; Max-Age=0; expires=%s; Path=%s;' % (
-               self.client.cookie_name, now, self.client.cookie_path)
+        self.client.session_api.destroy()
 
         # Let the user know what's going on
         self.client.ok_message.append(self._('You are logged out'))
@@ -924,11 +914,10 @@ def handle(self):
         # now we're OK, re-open the database for real, using the user
         self.client.opendb(self.client.user)
 
-        # set the session cookie
+        # save user in session
+        self.client.session_api.set(user=self.client.user)
         if self.form.has_key('remember'):
-            self.client.set_cookie(self.client.user, expire=86400*365)
-        else:
-            self.client.set_cookie(self.client.user, expire=None)
+            self.client.session_api.update(set_cookie=True, expire=24*3600*365)
 
         # If we came from someplace, go back there
         if self.form.has_key('__came_from'):