From 6506f3651f5ed483d6852f9419790220b3258bb0 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Tue, 20 Oct 2009 22:49:53 +0000
Subject: - Re-issue authentication ticket if the cookie has expired when using
   ``repoze.bfg.security.remember`` when the   ``authtktauthenticationpolicy``
 authentication policy is in effect.   (Patch from Andreas Zeidler).

---
 repoze/bfg/authentication.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'repoze/bfg/authentication.py')

diff --git a/repoze/bfg/authentication.py b/repoze/bfg/authentication.py
index 5bd3e9c4b..144e1bf39 100644
--- a/repoze/bfg/authentication.py
+++ b/repoze/bfg/authentication.py
@@ -352,8 +352,10 @@ class AuthTktCookieHelper(object):
                 (timestamp,old_userid,old_tokens,
                  old_userdata) = auth_tkt.parse_ticket(
                     self.secret, old_cookie_value, remote_addr)
+                now = time.time()
+                expired = self.timeout and ((timestamp + self.timeout) < now)
             except auth_tkt.BadTicket:
-                pass
+                expired = False
 
         encoding_data = self.userid_type_encoders.get(type(userid))
         if encoding_data:
@@ -368,7 +370,7 @@ class AuthTktCookieHelper(object):
         old_data = (old_userid, old_tokens, old_userdata)
         new_data = (userid, tokens, userdata)
 
-        if old_data != new_data:
+        if old_data != new_data or expired:
             ticket = auth_tkt.AuthTicket(
                 self.secret,
                 userid,
-- 
cgit v1.2.3