# HG changeset patch # User Karn Kallio # Date 1309791975 16200 # Node ID 1876aa85426361d8b42531e40957415b32749d36 # Parent ac1f1d44560ddf7da1924555aeee813b1289e24f# Parent 72e942423f26ebafffc796c48dad1b4bf3707573 Merge from upstream. diff -r ac1f1d44560d -r 1876aa854263 src/ur/openidUser.ur --- a/src/ur/openidUser.ur Sun Jul 03 14:39:26 2011 -0430 +++ b/src/ur/openidUser.ur Mon Jul 04 10:36:15 2011 -0430 @@ -84,7 +84,11 @@ if b then return M.afterLogout else - currentUrl + b <- currentUrlHasQueryString; + if b then + return M.afterLogout + else + currentUrl val current = login <- getCookie auth; @@ -117,6 +121,14 @@ clearCookie auth; redirect M.afterLogout + fun newSession identO = + ses <- nextval sessionIds; + now <- now; + key <- rand; + dml (INSERT INTO session (Id, Key, Identifier, Expires) + VALUES ({[ses]}, {[key]}, {[identO]}, {[addSeconds now M.sessionLifetime]})); + return {Session = ses, Key = key} + fun signupDetails after = let fun finishSignup uid data = @@ -146,6 +158,9 @@ case cols of Failure s => return (Some s) | Success cols => + dml (DELETE FROM session + WHERE Id = {[ses.Session]}); + ses <- newSession (Some ident); setCookie auth {Value = LoggedIn ({User = uid} ++ ses), Expires = None, Secure = M.secureCookies}; @@ -195,9 +210,12 @@ if invalid then error Invalid or expired session else - dml (UPDATE session - SET Identifier = {[Some ident]} + dml (DELETE FROM session WHERE Id = {[signup.Session]}); + ses <- newSession (Some ident); + setCookie auth {Value = SigningUp ses, + Expires = None, + Secure = M.secureCookies}; signupDetails after | Some (LoggedIn login) => if login.Session <> ses then @@ -210,9 +228,12 @@ if invalid then error Invalid or expired session else - dml (UPDATE session - SET Identifier = {[Some ident]} + dml (DELETE FROM session WHERE Id = {[login.Session]}); + ses <- newSession (Some ident); + setCookie auth {Value = LoggedIn ({User = login.User} ++ ses), + Expires = None, + Secure = M.secureCookies}; redirect (bless after) | None => error Missing session cookie @@ -245,14 +266,6 @@ redirect (bless after) | None => error Missing session cookie - fun newSession () = - ses <- nextval sessionIds; - now <- now; - key <- rand; - dml (INSERT INTO session (Id, Key, Identifier, Expires) - VALUES ({[ses]}, {[key]}, NULL, {[addSeconds now M.sessionLifetime]})); - return {Session = ses, Key = key} - fun logon after r = ident <- oneOrNoRowsE1 (SELECT (identity.Identifier) FROM identity @@ -261,7 +274,7 @@ case ident of None => error Username not found | Some ident => - ses <- newSession (); + ses <- newSession None; setCookie auth {Value = LoggedIn (r ++ ses), Expires = None, Secure = M.secureCookies}; @@ -276,7 +289,7 @@ error Login with your identity provider failed: {[msg]} fun doSignup after r = - ses <- newSession (); + ses <- newSession None; setCookie auth {Value = SigningUp ses, Expires = None, Secure = M.secureCookies};