external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

change(python): rework session timing

Browse source 
Previously, we were just relying on the cookie expiration
for sessions to expire. We were not cleaning up Session
records either.

Rework timing to depend on an AURREMEMBER cookie which is
now emitted on login during BasicAuthBackend processing.

If the SID does still have a session but it's expired,
we now delete the session record before returning.

Otherwise, we update the session's LastUpdateTS to
the current time.

In addition, stored the unauthenticated result value
in a variable to reduce redundancy.

Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2021-12-04 02:12:20 -08:00
parent f8bef16d32
commit 8501bba0ac
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
5 changed files with 50 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

4
aurweb/routers/auth.py
View file

@ -73,6 +73,10 @@ async def login_post(request: Request,
response.set_cookie("AURLANG", user.LangPreference,
secure=secure, httponly=secure,
samesite=cookies.samesite())
response.set_cookie("AURREMEMBER", remember_me,
expires=expires_at,
secure=secure, httponly=secure,
samesite=cookies.samesite())
return response