From 916b566d5beb27c8c0950b84306c9ed186b84e1a Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Mon, 5 Sep 2011 17:43:28 -0500 Subject: Track whether forget or remember were called before reissue headers are automatically applied to a response. Fixes #262. --- pyramid/authentication.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pyramid/authentication.py b/pyramid/authentication.py index b61a044f2..446a9bd5a 100644 --- a/pyramid/authentication.py +++ b/pyramid/authentication.py @@ -662,7 +662,11 @@ class AuthTktCookieHelper(object): tokens = filter(None, tokens) headers = self.remember(request, userid, max_age=self.max_age, tokens=tokens) - add_global_response_headers(request, headers) + def reissue_authtkt(request, response): + if not hasattr(request, '_authtkt_reissue_revoked'): + for k, v in headers: + response.headerlist.append((k, v)) + request.add_response_callback(reissue_authtkt) request._authtkt_reissued = True environ['REMOTE_USER_TOKENS'] = tokens @@ -680,6 +684,7 @@ class AuthTktCookieHelper(object): """ Return a set of expires Set-Cookie headers, which will destroy any existing auth_tkt cookie when attached to a response""" environ = request.environ + request._authtkt_reissue_revoked = True return self._get_cookies(environ, '', max_age=EXPIRE) def remember(self, request, userid, max_age=None, tokens=()): @@ -724,6 +729,9 @@ class AuthTktCookieHelper(object): if not (isinstance(token, str) and VALID_TOKEN.match(token)): raise ValueError("Invalid token %r" % (token,)) + if hasattr(request, '_authtkt_reissued'): + request._authtkt_reissue_revoked = True + ticket = self.AuthTicket( self.secret, userid, -- cgit v1.2.3