diff src/ur/openidUser.ur @ 54:1876aa854263

Merge from upstream.
author Karn Kallio <kkallio@eka>
date Mon, 04 Jul 2011 10:36:15 -0430
parents 72e942423f26
children 9c83592de908 328a429dfedb
line wrap: on
line diff
--- a/src/ur/openidUser.ur	Sun Jul 03 14:39:26 2011 -0430
+++ b/src/ur/openidUser.ur	Mon Jul 04 10:36:15 2011 -0430
@@ -84,7 +84,11 @@
         if b then
             return M.afterLogout
         else
-            currentUrl
+            b <- currentUrlHasQueryString;
+            if b then
+                return M.afterLogout
+            else
+                currentUrl
 
     val current =
         login <- getCookie auth;
@@ -117,6 +121,14 @@
                 clearCookie auth;
                 redirect M.afterLogout
 
+            fun newSession identO =
+                ses <- nextval sessionIds;
+                now <- now;
+                key <- rand;
+                dml (INSERT INTO session (Id, Key, Identifier, Expires)
+                     VALUES ({[ses]}, {[key]}, {[identO]}, {[addSeconds now M.sessionLifetime]}));
+                return {Session = ses, Key = key}
+
             fun signupDetails after =
                 let
                     fun finishSignup uid data =
@@ -146,6 +158,9 @@
                                         case cols of
                                             Failure s => return (Some s)
                                           | Success cols =>
+                                            dml (DELETE FROM session
+                                                 WHERE Id = {[ses.Session]});
+                                            ses <- newSession (Some ident);
                                             setCookie auth {Value = LoggedIn ({User = uid} ++ ses),
                                                             Expires = None,
                                                             Secure = M.secureCookies};
@@ -195,9 +210,12 @@
                             if invalid then
                                 error <xml>Invalid or expired session</xml>
                             else
-                                dml (UPDATE session
-                                     SET Identifier = {[Some ident]}
+                                dml (DELETE FROM session
                                      WHERE Id = {[signup.Session]});
+                                ses <- newSession (Some ident);
+                                setCookie auth {Value = SigningUp ses,
+                                                Expires = None,
+                                                Secure = M.secureCookies};
                                 signupDetails after
                       | Some (LoggedIn login) =>
                         if login.Session <> ses then
@@ -210,9 +228,12 @@
                             if invalid then
                                 error <xml>Invalid or expired session</xml>
                             else
-                                dml (UPDATE session
-                                     SET Identifier = {[Some ident]}
+                                dml (DELETE FROM session
                                      WHERE Id = {[login.Session]});
+                                ses <- newSession (Some ident);
+                                setCookie auth {Value = LoggedIn ({User = login.User} ++ ses),
+                                                Expires = None,
+                                                Secure = M.secureCookies};
                                 redirect (bless after)
                       | None => error <xml>Missing session cookie</xml>
 
@@ -245,14 +266,6 @@
                         redirect (bless after)
                   | None => error <xml>Missing session cookie</xml>
 
-            fun newSession () =
-                ses <- nextval sessionIds;
-                now <- now;
-                key <- rand;
-                dml (INSERT INTO session (Id, Key, Identifier, Expires)
-                     VALUES ({[ses]}, {[key]}, NULL, {[addSeconds now M.sessionLifetime]}));
-                return {Session = ses, Key = key}
-
             fun logon after r =
                 ident <- oneOrNoRowsE1 (SELECT (identity.Identifier)
                                         FROM identity
@@ -261,7 +274,7 @@
                 case ident of
                     None => error <xml>Username not found</xml>
                   | Some ident =>
-                    ses <- newSession ();
+                    ses <- newSession None;
                     setCookie auth {Value = LoggedIn (r ++ ses),
                                     Expires = None,
                                     Secure = M.secureCookies};
@@ -276,7 +289,7 @@
                         error <xml>Login with your identity provider failed: {[msg]}</xml>
 
             fun doSignup after r =
-                ses <- newSession ();
+                ses <- newSession None;
                 setCookie auth {Value = SigningUp ses,
                                 Expires = None,
                                 Secure = M.secureCookies};