author | Nathan Angelacos <nangel@tetrasec.net> | 2007-11-14 21:56:47 +0000 |
---|---|---|
committer | Nathan Angelacos <nangel@tetrasec.net> | 2007-11-14 21:56:47 +0000 |
commit | 358a60a3f7d7ded7c5b3c16d808eb269a2e58d46 (patch) | |
tree | a66d09f775c644cdf6ca46c11b71f2c7c2c2270e /app | |
parent | 2093384b4aa4068d721aef4006a9d8a4666c5378 (diff) | |
*Work in progress*
Use the session library to set up a session token, clean up the session lib
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@304 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'app')
-rw-r--r-- | app/acf_www-controller.lua | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua
index affdfba..ef52bc2 100644
--- a/app/acf_www-controller.lua
+++ b/app/acf_www-controller.lua
@@ -3,8 +3,15 @@ Copyright (C) 2007 Nathan Angelacos
 Licensed under the terms of GPL2
 ]]--
+-- Required global libraries
+
 module(..., package.seeall)
+-- This is not in the global namespace, but future
+-- require statements shouldn't need to go to the disk lib
+require "posix"
+
+
 -- We use the parent exception handler in a last-case situation
 local parent_exception_handler
@@ -23,16 +30,32 @@ mvc.on_load = function (self, parent)
 -- this sets the package path for us and our children
 package.path= self.conf.libdir .. "?.lua;" .. package.path
-
+
+ local session=require ("session")
 self.session = {}
- local x=require("session")
- if FORM.sessionid then
- local timestamp
- timestamp , self.session = x.load_session(self.conf.sessiondir,
- FORM.sessionid)
- self.session.id = FORM.sessionid
+ if self.clientdata.sessionid == nil then
+ self.session.id = session.random_hash(512)
+ end
+ local timestamp
+ timestamp, self.session = session.load_session(self.conf.sessiondir,
+ self.clientdata.sessionid)
+ if timestamp == nil then
+ -- FIXME ... need to add this function
+ -- record an invalid sessionid event
 else
- self.session.id = nil
+ --[[
+ FIXME --- need to write this function
+ if too many bad events for this ip invaidate the session
+
+ if (timestamp is > 10 minutes old)
+ session.unlink.session (self.conf.sessiondir,
+ self.session.id)
+ self.session = {}
+ self.session.id = session.random_hash(512)
+ generate flash message "Inactivity logout"
+ end
+ ]]--
+
 end
 end |
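Review bot: In the second hunk the id minted by `session.random_hash(512)` is thrown away on the very next statement, because `timestamp, self.session = session.load_session(...)` replaces the whole `self.session` table, and that call also runs when `self.clientdata.sessionid` is nil. When the client does send an id that fails to load (`timestamp == nil`), nothing assigns a fresh id either, and `self.session` is left as whatever `load_session` returned, which may be nil. I would load only when an id was supplied, keep the loaded table only on success, and generate the id afterwards whenever none is set, as sketched below. The id is client-controlled and is handed to `load_session` together with `self.conf.sessiondir`; that function is not visible here, so confirm it rejects anything outside the alphabet `random_hash` emits before the value is used in a path. `mvc.on_load` starts above this hunk.

```lua
	local session = require("session")
	self.session = {}
	local timestamp
	if self.clientdata.sessionid ~= nil then
		local loaded
		timestamp, loaded = session.load_session(self.conf.sessiondir,
				self.clientdata.sessionid)
		if timestamp ~= nil and type(loaded) == "table" then
			self.session = loaded
			self.session.id = self.clientdata.sessionid
		end
	end
	if self.session.id == nil then
		-- no id supplied, or the supplied id did not load: issue a
		-- server-generated id instead of adopting the client's value
		self.session.id = session.random_hash(512)
	end
	-- … unchanged: FIXME notes on invalid-sessionid events and inactivity expiry …
```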