diff --git a/src/java/com/samskivert/servlet/user/UserManager.java b/src/java/com/samskivert/servlet/user/UserManager.java index c52b77cf..b883031d 100644 --- a/src/java/com/samskivert/servlet/user/UserManager.java +++ b/src/java/com/samskivert/servlet/user/UserManager.java @@ -269,8 +269,8 @@ public class UserManager HttpServletRequest req, HttpServletResponse rsp) throws PersistenceException { - // generate a new session for this user - String authcode = _repository.createNewSession(user, persist); + // register a session for this user + String authcode = _repository.registerSession(user, persist); // stick it into a cookie for their browsing convenience Cookie acookie = new Cookie(_userAuthCookie, authcode); // strip the hostname from the server and use that as the domain diff --git a/src/java/com/samskivert/servlet/user/UserRepository.java b/src/java/com/samskivert/servlet/user/UserRepository.java index cec71519..70ef87eb 100644 --- a/src/java/com/samskivert/servlet/user/UserRepository.java +++ b/src/java/com/samskivert/servlet/user/UserRepository.java @@ -42,6 +42,7 @@ import com.samskivert.jdbc.jora.FieldMask; import com.samskivert.jdbc.jora.Table; import com.samskivert.util.HashIntMap; import com.samskivert.util.StringUtil; +import com.samskivert.util.Tuple; import com.samskivert.servlet.SiteIdentifier; @@ -276,27 +277,57 @@ public class UserRepository extends JORARepository } /** - * Creates a new session for the specified user and returns the - * randomly generated session identifier for that session. Temporary - * sessions are set to expire at the end of the user's browser - * session. Persistent sessions expire after one month. + * Creates a new session for the specified user and returns the randomly + * generated session identifier for that session. If a session entry + * already exists for the specified user it will be reused. + * + *
Temporary sessions are set to expire in two days (the assumption is
+ * that the browser will be given a non-persistent cookie and we should
+ * prune the session table entry after some reasonable amount of time),
+ * persistent sessions expire after one month.
*/
- public String createNewSession (final User user, boolean persist)
+ public String registerSession (final User user, boolean persist)
throws PersistenceException
{
- // generate a random session identifier
- final String authcode = UserUtil.genAuthCode(user);
-
// figure out when to expire the session
Calendar cal = Calendar.getInstance();
cal.add(Calendar.DATE, persist ? 30 : 2);
final Date expires = new Date(cal.getTime().getTime());
- // insert the session into the database
+ // look for an existing session for this user
+ Tuple