server: expire stale sessions

1 files changed, 11 insertions, 3 deletions

diff --git a/server.lua b/server.lua
index 468cdc3..88e3556 100644
--- a/server.lua
+++ b/server.lua
@@ -18,11 +18,14 @@ math.randomseed(os.time())
 local save_req = os.execute('[ $(stat -f -c "%T" /) = tmpfs ]')
 
 -- TODO shared storage for sessions
--- TODO expire stale sessions
 local sessions = {}
 
 
 return function(env)
+	  for sid, session in pairs(sessions) do
+	     if session.expires < os.time() then sessions[sid] = nil end
+	  end
+
 	  local method = env.REQUEST_METHOD
 	  local path = env.PATH_INFO
 
@@ -67,11 +70,14 @@ return function(env)
 	     end
 	  end
 
-	  local sid = tonumber(env.HTTP_X_ACF_AUTH_TOKEN)
 	  local session, user, txn_id
+	  function reset_session_expiry() session.expires = os.time() + 600 end
+
+	  local sid = tonumber(env.HTTP_X_ACF_AUTH_TOKEN)
 	  if sid then
 	     session = sessions[sid]
 	     if not session then return wrap(401) end
+	     reset_session_expiry()
 	     user = session.user
 	     txn_id = tonumber(env.HTTP_X_ACF_TRANSACTION_ID)
 	  end
@@ -114,7 +120,9 @@ return function(env)
 		      sid = math.floor(math.random() * 2^32)
 		   until not sessions[sid]
 
-		   sessions[sid] = {user=data.username, last_txn_id=0, txns={}}
+		   session = {user=data.username, last_txn_id=0, txns={}}
+		   reset_session_expiry()
+		   sessions[sid] = session
 		   return wrap(
 		      204,
 		      {