From be57c3ab5b65a2c94de16321faf810926dc94da9 Mon Sep 17 00:00:00 2001 From: mdipierro Date: Thu, 12 Sep 2013 16:31:41 -0500 Subject: [PATCH] conditional renew sessions on login/logout --- VERSION | 2 +- gluon/tools.py | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/VERSION b/VERSION index 75ae3690..57f223ce 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Version 2.6.0-development+timestamp.2013.09.11.22.37.51 +Version 2.6.0-development+timestamp.2013.09.12.16.30.52 diff --git a/gluon/tools.py b/gluon/tools.py index 1c9d8964..9e8f1fd9 100644 --- a/gluon/tools.py +++ b/gluon/tools.py @@ -921,7 +921,9 @@ class Auth(object): username_case_sensitive=True, update_fields = ['email'], ondelete="CASCADE", - client_side = True, + client_side = True, + renew_session_onlogin=True, + renew_session_onlogout=True, keep_session_onlogin=True, keep_session_onlogout=False, wiki = Settings(), @@ -1975,7 +1977,8 @@ class Auth(object): for key, value in user.items(): if callable(value) or key=='password': delattr(user,key) - current.session.renew(clear_session=not self.settings.keep_session_onlogin) + if self.settings.renew_session_onlogin: + current.session.renew(clear_session=not self.settings.keep_session_onlogin) current.session.auth = Storage( user = user, last_visit=current.request.now, @@ -2412,7 +2415,8 @@ class Auth(object): current.session.auth = None current.session.flash = self.messages.logged_out - current.session.renew(clear_session=not self.settings.keep_session_onlogout) + if self.settings.renew_session_onlogout: + current.session.renew(clear_session=not self.settings.keep_session_onlogout) if not next is None: redirect(next)