From 39ca0e42d28efe74e2046fc282eed9b7bfe15cb0 Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Fri, 29 Oct 2010 10:16:15 +0000 Subject: Fix two bugs related to session lockout. Parse the lockevent filename, was seeing user locked out because username was substring of another username. All active sessions were killed whenever anyone got locked out because of error with username processing. --- app/acf_www-controller.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/acf_www-controller.lua') diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index 8878a8b..ee41bb9 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -281,7 +281,7 @@ mvc.on_load = function (self, parent) else --logevent("Found session") -- We read in a valid session, check if it's ok - if sessionlib.count_events(self.conf.sessiondir,self.conf.userid or "", sessionlib.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) then + if self.sessiondata.userinfo and self.sessiondata.userinfo.userid and sessionlib.count_events(self.conf.sessiondir, self.sessiondata.userinfo.userid, sessionlib.hash_ip_addr(self.conf.clientip), self.conf.lockouttime, self.conf.lockouteventlimit) then --logevent("Bad session, erasing") -- Too many events on this id / ip, kill the session sessionlib.unlink_session(self.conf.sessiondir, self.clientdata.sessionid) -- cgit v1.2.3