Fixes in cookies

2016-04-17 05:00:09 +02:00 · 2016-04-17 05:00:09 +02:00 · b91b8b890b
commit b91b8b890b
parent 963254a7ec
5 changed files with 58 additions and 58 deletions
--- a/paramecio/citoplasma/httputils.py
+++ b/paramecio/citoplasma/httputils.py
@ -37,13 +37,13 @@ class GetPostFiles:
            
            GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '')
            
-            if GetPostFiles.post['csrf_token']!=s['csrf_token']:
+            if GetPostFiles.post['csrf_token']!=s['csrf_token'] and GetPostFiles.post['csrf_token'].strip()!="":
                
                raise NameError('Error: you need a valid csrf_token')
            else:
                #Clean csrf_token
                
-                s['csrf_token']=''
+                del s['csrf_token']
                

        else:
--- a/paramecio/citoplasma/sessions.py
+++ b/paramecio/citoplasma/sessions.py
@ -63,13 +63,12 @@ class ParamecioSession:
        return self.session.keys()
        
    def remove(self):
-        print("pepe")
-        response.delete_cookie(config.cookie_name)
+        response.delete_cookie(config.cookie_name, path="/")

 def generate_session():
    
    random_text=create_key_encrypt_256(30)
-    response.set_cookie(config.cookie_name, random_text)
+    response.set_cookie(config.cookie_name, random_text, secret=config.key_encrypt, path="/")
    request.environ[config.cookie_name]={'token': random_text}

 def get_session():
--- a/paramecio/index.py
+++ b/paramecio/index.py
@ -136,9 +136,11 @@ if config.session_enabled==True:
        if not os.path.isdir(config.session_opts['session.data_dir']):
            os.makedirs(config.session_opts['session.data_dir'], 0o700, True)

+    if config.session_opts['session.type']=='file':
+
        def load_session():
            
-        code_session=request.get_cookie(config.cookie_name)
+            code_session=request.get_cookie(config.cookie_name, secret=config.key_encrypt)
            
            if code_session==None:
                # Send cookie
--- a/paramecio/modules/admin/index.py
+++ b/paramecio/modules/admin/index.py
@ -215,7 +215,7 @@ def login():
            s['privileges']=arr_user['privileges']
            
            remember_login=GetPostFiles.post.get('remember_login', '0')
-            
+            """
            if remember_login=='1':
                
                timestamp=time()+315360000
@ -238,7 +238,7 @@ def login():
                #else:
                    #print(user_admin.query_error)
            #s.save()
-            
+            """
            return {'error': 0}
        else:
            return {'error': 1}
@ -294,21 +294,21 @@ def logout():
    
    s=get_session()
    
-    if 'login' in s.keys():
+    #if 'login' in s.keys():
    
-        del s['login']
-        del s['privileges']
+    #    del s['login']
+    #    del s['privileges']
        
        #s.save()
    
+    s.remove()
+    
    if request.get_cookie("remember_login", secret=key_encrypt):
           
        # delete cookie
-        response.delete_cookie("remember_login")
+        response.delete_cookie("remember_login", path="/")
    
-    #Remove cookie session
-    
-    s.remove()
+    #return ""
    
    redirect('/'+config.admin_folder)
    
--- a/paramecio/settings/config.py.sample
+++ b/paramecio/settings/config.py.sample
@ -53,7 +53,6 @@ cookie_name = 'paramecio.session'

 session_opts = {
    'session.type': 'file',
-    'session.cookie_expires': False,
    'session.data_dir': './sessions'
 }