diff options
author | Nathan Angelacos <nangel@tetrasec.net> | 2007-11-15 19:52:55 +0000 |
---|---|---|
committer | Nathan Angelacos <nangel@tetrasec.net> | 2007-11-15 19:52:55 +0000 |
commit | 1b76b8d1389f9609269b5fe14a34afa92a6cec0c (patch) | |
tree | aa8850d53af258ae777a2e456c82f465e2fc0df8 /app | |
parent | 46e0d09051fbe104d31d7cfe8a74537c71404a2a (diff) | |
download | acf-core-1b76b8d1389f9609269b5fe14a34afa92a6cec0c.tar.bz2 acf-core-1b76b8d1389f9609269b5fe14a34afa92a6cec0c.tar.xz |
Session table is now retrieved and saved via the mvc.on_load and mvc.post_exec functions
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@308 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'app')
-rw-r--r-- | app/acf_www-controller.lua | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index 97fb6bb..13e1482 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -1,4 +1,4 @@ ---[[ Code for the Alpine Configuration WEB framework +--[[ code for the Alpine Configuration WEB framework see http://wiki.alpinelinux.org Copyright (C) 2007 Nathan Angelacos Licensed under the terms of GPL2 @@ -31,17 +31,18 @@ mvc.on_load = function (self, parent) -- this sets the package path for us and our children package.path= self.conf.libdir .. "?.lua;" .. package.path - local session=require ("session") + sessionlib=require ("session") + self.session = {} local tempid = "" if self.clientdata.sessionid == nil then - self.session.id = session.random_hash(512) + self.session.id = sessionlib.random_hash(512) tempid = self.session.id else - tempid = self.session.id + tempid = self.clientdata.sessionid local timestamp - timestamp, self.session = session.load_session(self.conf.sessiondir, + timestamp, self.session = sessionlib.load_session(self.conf.sessiondir, self.clientdata.sessionid) if timestamp == nil then -- FIXME ... need to add this function @@ -53,19 +54,35 @@ mvc.on_load = function (self, parent) if too many bad events for this ip invaidate the session if (timestamp is > 10 minutes old) - session.unlink.session (self.conf.sessiondir, + sessionlib.unlink.session (self.conf.sessiondir, self.session.id) self.session = {} - self.session.id = session.random_hash(512) + self.session.id = sessionlib.random_hash(512) generate flash message "Inactivity logout" end ]]-- end - end end +mvc.post_exec = function (self) + if session.id then -- save the session table; however + -- if its just an empty session, don't save it; + -- Doing so could cause a D.O.S. where someone fills + -- disk with invalid sessionid tables + local c = 0 + for k,v in pairs(session) do + c = c + 1 + end + if c > 1 then + sessionlib.save_session(conf.sessiondir, + session.id, session) + end + end +end + + -- look for a template -- ctlr-action-view, then ctlr-view, then action-view, then view @@ -109,15 +126,6 @@ view_resolver = function(self) "-" .. viewtype .. ".lsp" } - -- FIXME: MVC doesn't have a way to call a function after the controller is run - -- so we serialize the session in the view resolver. MVC probably should have - -- a postinit or postrun method... - if self.session.id then - local x = require("session") - x.save_session(self.conf.sessiondir, self.session.id, self.session) - x=nil - end - -- search for template local template = find_template ( self.conf.appdir, self.conf.prefix, self.conf.controller, self.conf.action, "html") |