Skip to content

change(python): rework session timing

Kevin Morris requested to merge kevr/aurweb:fix-session-timing into pu

Previously, we were just relying on the cookie expiration for sessions to expire. We were not cleaning up Session records either.

Rework timing to depend on an AURREMEMBER cookie which is now emitted on login during BasicAuthBackend processing.

If the SID does still have a session but it's expired, we now delete the session record before returning.

Otherwise, we update the session's LastUpdateTS to the current time.

In addition, stored the unauthenticated result value in a variable to reduce redundancy.

Signed-off-by: Kevin Morris

Edited by Kevin Morris

Merge request reports