Changeset 3444

Timestamp:

09/02/07 12:57:22 (1 year ago)

Author:

faide

Message:

Applying patch from ticket #1406 provided by "j". Makes sure the cookies has the same timeout as the session in order to not loose the session if the user closes the browser.

Files:

• branches/1.1/turbogears/visit/api.py (modified) (3 diffs)

branches/1.1/turbogears/visit/api.py

@@ -4 +4 @@
-from random import random
-from datetime import timedelta, datetime
+import time
-
-import cherrypy
@@ -121 +122 @@
-        # By default, I don't specify the cookie domain.
-        self.cookie_domain = get("visit.cookie.domain", None)
+        self.cookie_max_age = int(get("visit.timeout", "20")) * 60
-        assert self.cookie_domain != "localhost", \
-               "localhost is not a valid value for visit.cookie.domain. Try None instead."
@@ -193 +195 @@
-        cookies[self.cookie_name] = visit_key
-        cookies[self.cookie_name]['path'] = self.cookie_path
+        # We'd like to use the "max-age" param as 
+        #   http://www.faqs.org/rfcs/rfc2109.html indicates but IE doesn't 
+        #   save it to disk and the session is lost if people close 
+        #   the browser 
+        #   So we have to use the old "expires" ... sigh ... 
+        #cookies[self.cookie_name]['max-age']= self.cookie_max_age 
+        gmt_expiration_time = time.gmtime(time.time() + self.cookie_max_age) 
+        cookies[self.cookie_name]['expires'] = time.strftime( 
+                "%a, %d-%b-%Y %H:%M:%S GMT", gmt_expiration_time)
+
-        if self.cookie_secure:
-            cookies[self.cookie_name]['secure'] = True