Added the facilities for persistent sessions which last 30 days rather

than one day. Also fixed a bug with pruning expired sessions.


git-svn-id: https://samskivert.googlecode.com/svn/trunk@120 6335cc39-0255-0410-8fd6-9bcaacd3b74c
This commit is contained in:
mdb
2001-05-26 04:37:35 +00:00
parent f9163dc894
commit c8a925c524
2 changed files with 23 additions and 13 deletions
@@ -1,5 +1,5 @@
//
// $Id: UserManager.java,v 1.4 2001/03/02 07:35:39 mdb Exp $
// $Id: UserManager.java,v 1.5 2001/05/26 04:37:35 mdb Exp $
package com.samskivert.servlet.user;
@@ -150,9 +150,14 @@ public class UserManager
* response object. If invalid authentication information is provided
* or some other error occurs, an exception will be thrown.
*
* @param username The username supplied by the user.
* @param password The plaintext password supplied by the user.
* @param persist If true, the cookie will expire in one month, if
* false, the cookie will expire in 24 hours.
*
* @return the user object of the authenticated user.
*/
public User login (String username, String password,
public User login (String username, String password, boolean persist,
HttpServletResponse rsp)
throws SQLException, NoSuchUserException, InvalidPasswordException
{
@@ -166,11 +171,15 @@ public class UserManager
}
// generate a new session for this user
String authcode = _repository.createNewSession(user);
String authcode = _repository.createNewSession(user, persist);
// stick it into a cookie for their browsing convenience
Cookie acookie = new Cookie(USERAUTH_COOKIE, authcode);
acookie.setPath("/");
acookie.setMaxAge(24*60*60); // expire in two days
if (persist) {
acookie.setMaxAge(30*24*60*60); // expire in one month
} else {
acookie.setMaxAge(24*60*60); // expire in 24 hours
}
rsp.addCookie(acookie);
return user;
@@ -1,5 +1,5 @@
//
// $Id: UserRepository.java,v 1.7 2001/05/26 03:23:22 mdb Exp $
// $Id: UserRepository.java,v 1.8 2001/05/26 04:37:35 mdb Exp $
package com.samskivert.servlet.user;
@@ -207,20 +207,21 @@ public class UserRepository extends MySQLRepository
/**
* Creates a new session for the specified user and returns the
* randomly generated session identifier for that session. Sessions
* are set to expire in two days which prevents someone from being
* screwed if they log in at 11:59pm, but also prevents them from
* leaving their browser authenticated for too long.
* randomly generated session identifier for that session. Temporary
* sessions are set to expire in two days which prevents someone from
* being screwed if they log in at 11:59pm, but also prevents them
* from leaving their browser authenticated for too long. Persistent
* sessions expire after one month.
*/
public String createNewSession (final User user)
public String createNewSession (final User user, boolean persist)
throws SQLException
{
// generate a random session identifier
final String authcode = UserUtil.genAuthCode(user);
// figure out what 48 hours from now is
// figure out when to expire the session
Calendar cal = Calendar.getInstance();
cal.add(Calendar.DATE, 2);
cal.add(Calendar.DATE, persist ? 30 : 2);
final Date expires = new Date(cal.getTime().getTime());
// insert the session into the database
@@ -248,7 +249,7 @@ public class UserRepository extends MySQLRepository
public void invoke () throws SQLException
{
_session.execute("delete from sessions where " +
"expires >= CURRENT_DATE()");
"expires <= CURRENT_DATE()");
}
});
}