From 0b6a52388d57e3e2bfd4cd9abca79d1627e374d9 Mon Sep 17 00:00:00 2001 From: shaper Date: Wed, 8 May 2002 00:25:54 +0000 Subject: [PATCH] Set the user authentication cookie age to the default (end of browser session) for non-persistent logins. Expanded imports. git-svn-id: https://samskivert.googlecode.com/svn/trunk@729 6335cc39-0255-0410-8fd6-9bcaacd3b74c --- .../samskivert/servlet/user/UserManager.java | 21 ++++++++------ .../servlet/user/UserRepository.java | 28 +++++++++++++------ 2 files changed, 31 insertions(+), 18 deletions(-) diff --git a/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java b/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java index 3797032c..905c0427 100644 --- a/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java +++ b/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java @@ -1,5 +1,5 @@ // -// $Id: UserManager.java,v 1.13 2002/05/02 19:10:34 shaper Exp $ +// $Id: UserManager.java,v 1.14 2002/05/08 00:25:54 shaper Exp $ // // samskivert library - useful routines for java programs // Copyright (C) 2001 Michael Bayne @@ -22,14 +22,18 @@ package com.samskivert.servlet.user; import java.net.URLEncoder; import java.util.Properties; -import javax.servlet.http.*; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import com.samskivert.Log; import com.samskivert.io.PersistenceException; import com.samskivert.jdbc.ConnectionProvider; import com.samskivert.servlet.RedirectException; import com.samskivert.servlet.util.RequestUtils; -import com.samskivert.util.*; +import com.samskivert.util.Interval; +import com.samskivert.util.IntervalManager; +import com.samskivert.util.StringUtil; /** * The user manager provides easy access to user objects for servlets. It @@ -203,7 +207,8 @@ public class UserManager * @param username The username supplied by the user. * @param password The plaintext password supplied by the user. * @param persist If true, the cookie will expire in one month, if - * false, the cookie will expire in 24 hours. + * false, the cookie will expire at the end of the user's browser + * session. * @param rsp The response in which the cookie is to be set. * @param auth The authenticator used to check whether the user should * be authenticated. @@ -228,11 +233,9 @@ public class UserManager // stick it into a cookie for their browsing convenience Cookie acookie = new Cookie(USERAUTH_COOKIE, authcode); acookie.setPath("/"); - if (persist) { - acookie.setMaxAge(30*24*60*60); // expire in one month - } else { - acookie.setMaxAge(24*60*60); // expire in 24 hours - } + // expire in one month if persistent, else at the end of the + // session + acookie.setMaxAge((persist) ? (30*24*60*60) : -1); rsp.addCookie(acookie); return user; diff --git a/projects/samskivert/src/java/com/samskivert/servlet/user/UserRepository.java b/projects/samskivert/src/java/com/samskivert/servlet/user/UserRepository.java index 008cb421..7a84d166 100644 --- a/projects/samskivert/src/java/com/samskivert/servlet/user/UserRepository.java +++ b/projects/samskivert/src/java/com/samskivert/servlet/user/UserRepository.java @@ -1,5 +1,5 @@ // -// $Id: UserRepository.java,v 1.20 2002/04/30 00:52:31 mdb Exp $ +// $Id: UserRepository.java,v 1.21 2002/05/08 00:25:54 shaper Exp $ // // samskivert library - useful routines for java programs // Copyright (C) 2001 Michael Bayne @@ -20,17 +20,29 @@ package com.samskivert.servlet.user; -import java.sql.*; +import java.sql.Connection; +import java.sql.Date; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; + import java.util.ArrayList; import java.util.Calendar; import java.util.Properties; -import org.apache.regexp.*; +import org.apache.regexp.RE; +import org.apache.regexp.RESyntaxException; import com.samskivert.Log; import com.samskivert.io.PersistenceException; -import com.samskivert.jdbc.*; -import com.samskivert.jdbc.jora.*; +import com.samskivert.jdbc.ConnectionProvider; +import com.samskivert.jdbc.DatabaseLiaison; +import com.samskivert.jdbc.JDBCUtil; +import com.samskivert.jdbc.JORARepository; +import com.samskivert.jdbc.StaticConnectionProvider; +import com.samskivert.jdbc.jora.Cursor; +import com.samskivert.jdbc.jora.Session; +import com.samskivert.jdbc.jora.Table; import com.samskivert.servlet.SiteIdentifier; import com.samskivert.util.HashIntMap; @@ -292,10 +304,8 @@ public class UserRepository extends JORARepository /** * Creates a new session for the specified user and returns the * randomly generated session identifier for that session. Temporary - * sessions are set to expire in two days which prevents someone from - * being screwed if they log in at 11:59pm, but also prevents them - * from leaving their browser authenticated for too long. Persistent - * sessions expire after one month. + * sessions are set to expire at the end of the user's browser + * session. Persistent sessions expire after one month. */ public String createNewSession (final User user, boolean persist) throws PersistenceException