Browse Source

Logged-in hint middleware: minor improvement

remotes/origin/Float_novinky
Tomas Gavenciak 9 years ago
parent
commit
062b3ac138
  1. 8
      mamweb/middleware.py

8
mamweb/middleware.py

@ -13,7 +13,7 @@ class LoggedInHintCookieMiddleware(object):
Note this usually breaks non-GET (POST) requests. Note this usually breaks non-GET (POST) requests.
On secure requests: Updates cookie settings.LOGGED_IN_HINT_COOKIE_NAME to reflect On secure requests: Updates cookie settings.LOGGED_IN_HINT_COOKIE_NAME to reflect
whether an user is logged in in the current session (set/clear). whether an user is logged in in the current session (cookie set to 'True' or cleared).
The cookie is set to expire at the same time as the sessionid cookie. The cookie is set to expire at the same time as the sessionid cookie.
By default, LOGGED_IN_HINT_COOKIE_NAME = 'logged_in_hint'. By default, LOGGED_IN_HINT_COOKIE_NAME = 'logged_in_hint'.
@ -26,7 +26,7 @@ class LoggedInHintCookieMiddleware(object):
def process_request(self, request): def process_request(self, request):
if not request.is_secure(): if not request.is_secure():
if self.cookie_name in request.COOKIES: if self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == 'True':
# redirect insecure (assuming http) requests with hint cookie to https # redirect insecure (assuming http) requests with hint cookie to https
url = HttpRequest.build_absolute_uri() url = HttpRequest.build_absolute_uri()
assert url[:5] == 'http:' assert url[:5] == 'http:'
@ -36,12 +36,12 @@ class LoggedInHintCookieMiddleware(object):
def process_response(self, request, response): def process_response(self, request, response):
if request.is_secure(): if request.is_secure():
# assuming full session info (as the conn. is secure), update hint # assuming full session info (as the conn. is secure), update hint
# cookie value is actually irrelevant, here we set 'True'
if request.user.is_authenticated(): if request.user.is_authenticated():
expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date() expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date()
response.set_cookie(self.cookie_name, value='True', expires=expiry, secure=False) response.set_cookie(self.cookie_name, value='True', expires=expiry, secure=False)
else: else:
response.delete_cookie(self.cookie_name) if self.cookie_name in request.COOKIES:
response.delete_cookie(self.cookie_name)
return response return response

Loading…
Cancel
Save