From dd7609a22acff9729ebd97bfe1380b69b3044412 Mon Sep 17 00:00:00 2001
From: mdipierro <massimo.dipierro@gmail.com>
Date: Sun, 1 Sep 2013 07:44:11 -0500
Subject: [PATCH] partially fixed issue 1502

---
 VERSION            |  2 +-
 gluon/fileutils.py | 22 ++++++++++++++++++----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/VERSION b/VERSION
index 2b777e39..356a6de8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.6.0-development+timestamp.2013.08.30.18.28.02
+Version 2.6.0-development+timestamp.2013.09.01.07.43.11
diff --git a/gluon/fileutils.py b/gluon/fileutils.py
index 0f3953bb..7c1942da 100644
--- a/gluon/fileutils.py
+++ b/gluon/fileutils.py
@@ -360,12 +360,21 @@ def get_session(request, other_application='admin'):
         raise KeyError
     try:
         session_id = request.cookies['session_id_' + other_application].value
-        osession = storage.load_storage(os.path.join(
-            up(request.folder), other_application, 'sessions', session_id))
+        session_filename = os.path.join(
+            up(request.folder), other_application, 'sessions', session_id)
+        osession = storage.load_storage(session_filename)
     except Exception, e:
         osession = storage.Storage()
     return osession
 
+def set_session(request, session, other_application='admin'):
+    """ checks that user is authorized to access other_application"""
+    if request.application == other_application:
+        raise KeyError
+    session_id = request.cookies['session_id_' + other_application].value
+    session_filename = os.path.join(
+        up(request.folder), other_application, 'sessions', session_id)
+    storage.save_storage(session,session_filename)
 
 def check_credentials(request, other_application='admin',
                       expiration=60 * 60, gae_login=True):
@@ -381,9 +390,14 @@ def check_credentials(request, other_application='admin',
         else:
             return False
     else:
-        dt = time.time() - expiration
+        t0 = time.time()
+        dt = t0 - expiration
         s = get_session(request, other_application)
-        return (s.authorized and s.last_time and s.last_time > dt)
+        r = (s.authorized and s.last_time and s.last_time > dt)
+        if r:
+            s.last_time = t0
+            set_session(request,s,other_application)
+        return r
 
 
 def fix_newlines(path):