diff --git a/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java b/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java index 3c0baed9..bb533a0e 100644 --- a/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java +++ b/projects/samskivert/src/java/com/samskivert/servlet/user/UserManager.java @@ -1,5 +1,5 @@ // -// $Id: UserManager.java,v 1.4 2001/03/02 07:35:39 mdb Exp $ +// $Id: UserManager.java,v 1.5 2001/05/26 04:37:35 mdb Exp $ package com.samskivert.servlet.user; @@ -150,9 +150,14 @@ public class UserManager * response object. If invalid authentication information is provided * or some other error occurs, an exception will be thrown. * + * @param username The username supplied by the user. + * @param password The plaintext password supplied by the user. + * @param persist If true, the cookie will expire in one month, if + * false, the cookie will expire in 24 hours. + * * @return the user object of the authenticated user. */ - public User login (String username, String password, + public User login (String username, String password, boolean persist, HttpServletResponse rsp) throws SQLException, NoSuchUserException, InvalidPasswordException { @@ -166,11 +171,15 @@ public class UserManager } // generate a new session for this user - String authcode = _repository.createNewSession(user); + String authcode = _repository.createNewSession(user, persist); // stick it into a cookie for their browsing convenience Cookie acookie = new Cookie(USERAUTH_COOKIE, authcode); acookie.setPath("/"); - acookie.setMaxAge(24*60*60); // expire in two days + if (persist) { + acookie.setMaxAge(30*24*60*60); // expire in one month + } else { + acookie.setMaxAge(24*60*60); // expire in 24 hours + } rsp.addCookie(acookie); return user; diff --git a/projects/samskivert/src/java/com/samskivert/servlet/user/UserRepository.java b/projects/samskivert/src/java/com/samskivert/servlet/user/UserRepository.java index 8c8c7ab2..4ff6b7f8 100644 --- a/projects/samskivert/src/java/com/samskivert/servlet/user/UserRepository.java +++ b/projects/samskivert/src/java/com/samskivert/servlet/user/UserRepository.java @@ -1,5 +1,5 @@ // -// $Id: UserRepository.java,v 1.7 2001/05/26 03:23:22 mdb Exp $ +// $Id: UserRepository.java,v 1.8 2001/05/26 04:37:35 mdb Exp $ package com.samskivert.servlet.user; @@ -207,20 +207,21 @@ public class UserRepository extends MySQLRepository /** * Creates a new session for the specified user and returns the - * randomly generated session identifier for that session. Sessions - * are set to expire in two days which prevents someone from being - * screwed if they log in at 11:59pm, but also prevents them from - * leaving their browser authenticated for too long. + * randomly generated session identifier for that session. Temporary + * sessions are set to expire in two days which prevents someone from + * being screwed if they log in at 11:59pm, but also prevents them + * from leaving their browser authenticated for too long. Persistent + * sessions expire after one month. */ - public String createNewSession (final User user) + public String createNewSession (final User user, boolean persist) throws SQLException { // generate a random session identifier final String authcode = UserUtil.genAuthCode(user); - // figure out what 48 hours from now is + // figure out when to expire the session Calendar cal = Calendar.getInstance(); - cal.add(Calendar.DATE, 2); + cal.add(Calendar.DATE, persist ? 30 : 2); final Date expires = new Date(cal.getTime().getTime()); // insert the session into the database @@ -248,7 +249,7 @@ public class UserRepository extends MySQLRepository public void invoke () throws SQLException { _session.execute("delete from sessions where " + - "expires >= CURRENT_DATE()"); + "expires <= CURRENT_DATE()"); } }); }