This change didn't make it into the last commit. Allow the user to

override the time column in the database by setting the __timestamp
item in the call to set.

This should make expiration of CSRF otk's work correctly for the rdbms
backend.

Author: rouilj

roundup/backends/sessions_rdbms.py

@@ -5,7 +5,6 @@
 class. It's now also used for One Time Key handling too.
 """
 __docformat__ = 'restructuredtext'
-
 import os, time
 from cgi import escape
 
@@ -50,6 +49,12 @@ def getall(self, infoid):
         return eval(res[0])
 
     def set(self, infoid, **newvalues):
+        """ Store all newvalues under key infoid with a timestamp in database.
+
+            If newvalues['__timestamp'] exists and is representable as a floating point number
+            (i.e. could be generated by time.time()), that value is used for the <name>_time
+            column in the database.
+        """
         c = self.cursor
         n = self.name
         a = self.db.arg
@@ -67,9 +72,18 @@ def set(self, infoid, **newvalues):
                 a, n, a)
             args = (repr(values), infoid)
         else:
+            if '__timestamp' in newvalues:
+                try:
+                    # __timestamp must be represntable as a float. Check it.
+                    timestamp = float(newvalues['__timestamp'])
+                except ValueError:
+                    timestamp = time.time()
+            else:
+                timestamp = time.time()
+
             sql = 'insert into %ss (%s_key, %s_time, %s_value) '\
                 'values (%s, %s, %s)'%(n, n, n, n, a, a, a)
-            args = (infoid, time.time(), repr(values))
+            args = (infoid, timestamp, repr(values))
         c.execute(sql, args)
 
     def list(self):