Commit 3a0f4d7c authored by marcel's avatar marcel

Reduce session lifetime to 3h, clear cookies before login.

parent 38ba15aa
......@@ -66,6 +66,12 @@ class RootController(AbstractController):
elif len(self.cache_bust) == 0:
self.cache_bust = None
@classmethod
def expire_cookie(cls, name):
cherrypy.response.cookie[name] = ""
cherrypy.response.cookie[name]["expires"] = 0
cherrypy.response.cookie[name]["max-age"] = 0
def mount_extension_controller(self, mountpoint, controller):
if hasattr(self.extensions, mountpoint):
logger.warning("Controller mountpoint already exists: %s" % mountpoint)
......@@ -156,6 +162,12 @@ class RootController(AbstractController):
if "user_id" in cherrypy.session:
raise cherrypy.HTTPRedirect(path)
# delete all cookies except for the session id
session_key = cherrypy.serving.request.config.get("tools.sessions.name", "session_id")
for key in cherrypy.response.cookie.keys():
if key != session_key:
self.expire_cookie(key)
login = cherrypy.request.login
if login and vispa.config("user", "remote.enabled", False):
user = User.get_by_name(db, login)
......@@ -178,7 +190,6 @@ class RootController(AbstractController):
vispa.fire_callback("user.login", user)
raise cherrypy.HTTPRedirect(path)
welcome_phrase = vispa.config("web", "text.welcome", "")
login_text = vispa.config("web", "text.login", "")
registration_text = vispa.config("web", "text.registration", "")
......@@ -235,9 +246,7 @@ class RootController(AbstractController):
# remove all cookies
for key in cherrypy.response.cookie.keys():
cherrypy.response.cookie[key] = ""
cherrypy.response.cookie[key]["expires"] = 0
cherrypy.response.cookie[key]["max-age"] = 0
self.expire_cookie(key)
raise cherrypy.HTTPRedirect(vispa.url.dynamic(path))
......
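Review bot: The new loop in the login handler walks `cherrypy.response.cookie`, which in CherryPy holds only the cookies queued for this response; the cookies the browser sent are in `cherrypy.request.cookie`, so as far as these hunks show, stale client cookies are not expired before login. Iterating the request side, `for key in list(cherrypy.request.cookie.keys()):`, would match the commit message; a cookie issued with a `path` or `domain` also needs the same attributes on the expiring `Set-Cookie`, which `expire_cookie` does not set on a fresh morsel. The "remove all cookies" loop in the last hunk has the same pattern. Separately, the loop deliberately keeps the pre-login session id; if code outside these hunks does not already do so, calling `cherrypy.session.regenerate()` once the user is authenticated would stop an id fixed before login from staying valid afterwards. The handler bodies start and end outside the visible hunks.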
......@@ -125,7 +125,7 @@ class Server(object):
'tools.sessions.path': urlparse(base_dynamic).path,
'tools.sessions.storage_type': 'file',
'tools.sessions.storage_path': vispa.datapath('sessions'),
'tools.sessions.timeout': 1440,
'tools.sessions.timeout': 180,
'tools.staticdir.on': False,
'tools.gzip.on': True,
'tools.gzip.mime_types': ['text/html', 'text/css',
......
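Review bot: `'tools.sessions.timeout': 180` carries no unit or intent on the line; CherryPy reads this value in minutes and, as far as I know, renews the expiry each time the session is saved, so this is a 3 h idle timeout rather than an absolute session lifetime. A comment such as `# minutes of inactivity (3 h); not an absolute lifetime` would record that. If a hard cap on session age is wanted, it would need a login timestamp stored in the session and checked per request. `tools.sessions.secure` and `tools.sessions.httponly` are not in the visible lines and may be set outside the hunk; worth confirming while this config is being changed.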