From 7dbd1f97647ddc790db16495ebcf1043e9e1e927 Mon Sep 17 00:00:00 2001
From: Alban
Date: Sat, 17 Nov 2012 18:09:35 +0100
Subject: [PATCH] Improved sessions handling
---
 web.py | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/web.py b/web.py
index deee9d8..85bd20f 100755
--- a/web.py
+++ b/web.py
@@ -9,6 +9,7 @@ app.secret_key = '?9huDM\\H'
 import db
 from scanner import Scanner
+from user_manager import UserManager
 @app.before_request
 def init_and_login_check():
@@ -20,9 +21,17 @@ def init_and_login_check():
 flash('Not configured. Please create the first admin user')
 return redirect(url_for('add_user'))
- if not (admin_count == 0 and request.endpoint == 'add_user') and not session.get('userid') and request.endpoint != 'login':
- flash('Please login')
- return redirect(url_for('login', returnUrl = request.url[len(request.url_root)-1:]))
+ if not (admin_count == 0 and request.endpoint == 'add_user') and request.endpoint != 'login':
+ should_login = False
+ if not session.get('userid'):
+ should_login = True
+ elif UserManager.get(session.get('userid'))[0] != UserManager.SUCCESS:
+ session.clear()
+ should_login = True
+
+ if should_login:
+ flash('Please login')
+ return redirect(url_for('login', returnUrl = request.url[len(request.url_root)-1:]))
 @app.teardown_request
 def teardown(exception):
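Review bot: The new `elif` branch in the second hunk takes `session.get('userid')` as the caller's identity and only confirms that the user still exists, so its strength rests entirely on the session signature, and the signing key is the short literal on the `app.secret_key = ...` line shown in the first hunk header. If the app uses Flask's default cookie-backed session, anyone with read access to the repository can produce a cookie that this check accepts. The key should come from deployment configuration instead, for example `app.secret_key = os.environ['APP_SECRET_KEY']` (the variable name is a placeholder, and it needs `import os`), set to a long random value and replaced, since the current one is already in history. Replacing it invalidates existing sessions, which the `not session.get('userid')` branch already handles by redirecting to login. The body of `init_and_login_check` starts above this hunk, so how `admin_count` is computed is not visible here.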