Ensure all entry points get sessions.
Somewhat speculative, but the change in f62a9769fd
, while fixing
certain errors where logged-out users sometimes didn't have sessions
come calc_users, also opened the possibility of certain request
sequences that wouldn't give a user a session.
In the interest of conservatism, we create a session if not exists
in both the new location in calc_users and the previous spot in
before_request.
pull/2/head
parent
2d513e862e
commit
af7df7f62d
|
@ -43,6 +43,9 @@ def before_request():
|
|||
request.full_path = request.full_path.rstrip('?').rstrip('/')
|
||||
if not request.full_path: request.full_path = '/'
|
||||
|
||||
session_init()
|
||||
|
||||
|
||||
@app.after_request
|
||||
def after_request(response):
|
||||
if response.status_code < 400:
|
||||
|
@ -56,6 +59,7 @@ def after_request(response):
|
|||
del g.db
|
||||
return response
|
||||
|
||||
|
||||
@app.teardown_appcontext
|
||||
def teardown_request(error):
|
||||
if getattr(g, 'db', None):
|
||||
|
|
|
@ -12,15 +12,17 @@ from files.helpers.settings import get_setting
|
|||
from files.routes.routehelpers import validate_formkey
|
||||
from files.__main__ import app, cache, db_session, limiter
|
||||
|
||||
def session_init():
|
||||
if not session.get("session_id"):
|
||||
session.permanent = True
|
||||
session["session_id"] = secrets.token_hex(49)
|
||||
|
||||
def calc_users(v):
|
||||
loggedin = cache.get(f'{SITE}_loggedin') or {}
|
||||
loggedout = cache.get(f'{SITE}_loggedout') or {}
|
||||
timestamp = int(time.time())
|
||||
|
||||
if not session.get("session_id"):
|
||||
session.permanent = True
|
||||
session["session_id"] = secrets.token_hex(49)
|
||||
|
||||
session_init()
|
||||
if v:
|
||||
if session["session_id"] in loggedout: del loggedout[session["session_id"]]
|
||||
loggedin[v.id] = timestamp
|
||||
|
|
Loading…
Reference in New Issue