

from bottle import request, response
from freepost import database, random, settings

# Start a new session
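def start (user_id, remember = False):
    """
    Open a new login session for `user_id`.

    A fresh random token is sent to the browser in a signed cookie and is
    passed to `database.new_session`, so that later requests carrying the
    cookie can be matched back to the user.

    Args:
        user_id: identifier handed unchanged to `database.new_session`.
        remember: when true, the cookie's max_age is read from
            settings['session']['remember_me']; otherwise max_age is
            passed as None.
    """
    # The token is the only credential for the session.
    # NOTE(review): assumes freepost.random draws from a CSPRNG, and that any
    # hashing of the token before storage happens inside database.new_session;
    # neither is visible from this file. Confirm both.
    session_token = random.ascii_string (64)

    # Set the Secure attribute whenever the request arrived over HTTPS, so the
    # token is never sent back over plain HTTP. Bottle derives the scheme from
    # X-Forwarded-Proto or wsgi.url_scheme; plain-HTTP deployments still get a
    # non-Secure cookie, as before.
    over_https = request.urlparts.scheme.lower () == 'https'

    # Create session cookie
    response.set_cookie (
        name     = settings['session']['name'],
        value    = session_token,
        secret   = settings['cookies']['secret'],
        path     = '/',
        # When to end the session
        max_age  = settings['session']['remember_me'] if remember else None,
        # HTTPS only (when the current request itself used HTTPS)
        secure   = over_https,
        # Do not allow JavaScript to read this cookie
        httponly = True)

    # Store session to database
    database.new_session (user_id, session_token)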

# Close the current open session
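def close ():
    """
    End the current session.

    Expires the session cookie in the browser and, when the cookie maps to a
    known user, deletes that user's session through `database.delete_session`.
    Calling it without a valid session is a no-op on the database side.
    """
    # Resolve the user before the cookie is cleared.
    session_user = user ()

    # Delete user cookie containing session token. The path must match the one
    # the cookie was created with ('/'), otherwise the browser keeps the
    # original cookie and the token stays usable on the client.
    response.delete_cookie (settings['session']['name'], path = '/')

    # No (valid) session cookie was presented: nothing to remove server-side.
    # Without this guard, the subscript below raises TypeError on None.
    if session_user is None:
        return

    # Delete session token from database
    database.delete_session (session_user['id'])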

# Retrieve user from session token
def user ():
    """
    Return the user that owns the current request's session, or None.

    The token is read from the signed session cookie; None is returned when
    `request.get_cookie` yields no value. Otherwise the result of
    `database.get_user_by_session_token` is returned as-is.
    """
    cookie_name = settings['session']['name']
    signing_key = settings['cookies']['secret']

    # The signature only authenticates the cookie value; it does not hide it
    # from the client, so the lookup below must remain the authority.
    token = request.get_cookie (key = cookie_name, secret = signing_key)

    return None if token is None else database.get_user_by_session_token (token)