Navigation

← Previous Changeset
Next Changeset →

Changeset 3386

Timestamp:

06/30/08 14:03:02 (6 months ago)

Author:

hans

Message:

Refactor SESSION-VERIFY for improved readability.

Files:

trunk/thirdparty/hunchentoot/session.lisp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/thirdparty/hunchentoot/session.lisp

r3262	r3386
241	241	(destructuring-bind (id-string session-string)
242	242	(split ":" session-identifier :limit 2)
243		(let* ((id (and (scan "^\\d+$" id-string)
244		(parse-integer id-string
245		:junk-allowed t)))
246		(session (and id
247		(get-stored-session id)))
	243	(let* ((id (parse-integer id-string))
	244	(session (get-stored-session id))
248	245	(user-agent (user-agent request))
249	246	(remote-addr (remote-addr request)))
250		(unless (and session
251		session-string
252		(string= session-string
253		(session-string session))
254		(string= session-string
255		(encode-session-string id
256		user-agent
257		(real-remote-addr request)
258		(session-start session))))
259		(when reply
260		(cond ((null session)
261		(log-message* :info
262		"No session for session identifier '~A' (User-Agent: '~A', IP: '~A')"
263		session-identifier user-agent remote-addr))
264		(t
265		(log-message* :warning
266		"Fake session identifier '~A' (User-Agent: '~A', IP: '~A')"
267		session-identifier user-agent remote-addr))))
268		(when session
269		(remove-session session))
270		(return-from session-verify nil))
271		(incf (slot-value session 'session-counter))
272		(setf (slot-value session 'last-click) (get-universal-time))
273		session))))
	247	(cond
	248	((and session
	249	(string= session-string
	250	(session-string session))
	251	(string= session-string
	252	(encode-session-string id
	253	user-agent
	254	(real-remote-addr request)
	255	(session-start session))))
	256	;; The session key presented by the client is valid.
	257	(incf (slot-value session 'session-counter))
	258	(setf (slot-value session 'last-click) (get-universal-time))
	259	session)
	260	(session
	261	;; The session ID pointed to an existing session, but the
	262	;; session string did not match the expected session
	263	;; string. Report to the log file, remove the session to
	264	;; make sure that it can't be used again. The original
	265	;; legitimate user will be required to log in again.
	266	(log-message* :warning
	267	"Fake session identifier '~A' (User-Agent: '~A', IP: '~A')"
	268	session-identifier user-agent remote-addr)
	269	(remove-session session)
	270	nil)
	271	(t
	272	;; No session was found under the ID given, presumably
	273	;; because it has expired.
	274	(log-message* :info
	275	"No session for session identifier '~A' (User-Agent: '~A', IP: '~A')"
	276	session-identifier user-agent remote-addr)
	277	nil))))))
274	278
275	279	(defun reset-sessions ()

Navigation

Changeset 3386

Legend:

trunk/thirdparty/hunchentoot/session.lisp

Download in other formats: