# HG changeset patch # User Robin Green # Date 1309796953 -3600 # Node ID 9c83592de90855e711fe10226c1be16db795d92c # Parent 3f475c6fb168d85fd3bf8fd7b6beeaabc25fcc78# Parent 72e942423f26ebafffc796c48dad1b4bf3707573 Merge diff -r 3f475c6fb168 -r 9c83592de908 src/ur/openidUser.ur --- a/src/ur/openidUser.ur Mon Jul 04 14:08:00 2011 +0100 +++ b/src/ur/openidUser.ur Mon Jul 04 17:29:13 2011 +0100 @@ -86,7 +86,11 @@ if b then return M.afterLogout else - currentUrl + b <- currentUrlHasQueryString; + if b then + return M.afterLogout + else + currentUrl val current = login <- getCookie auth; @@ -126,6 +130,14 @@ | _ => return ()); redirect M.afterLogout + fun newSession identO = + ses <- nextval sessionIds; + now <- now; + key <- rand; + dml (INSERT INTO session (Id, Key, Identifier, Expires) + VALUES ({[ses]}, {[key]}, {[identO]}, {[addSeconds now M.sessionLifetime]})); + return {Session = ses, Key = key} + fun signupDetails after = let fun finishSignup uid data = @@ -155,6 +167,9 @@ case cols of Failure s => return (Some s) | Success cols => + dml (DELETE FROM session + WHERE Id = {[ses.Session]}); + ses <- newSession (Some ident); setCookie auth {Value = LoggedIn ({User = uid} ++ ses), Expires = None, Secure = M.secureCookies}; @@ -204,9 +219,12 @@ if invalid then error Invalid or expired session else - dml (UPDATE session - SET Identifier = {[Some ident]} + dml (DELETE FROM session WHERE Id = {[signup.Session]}); + ses <- newSession (Some ident); + setCookie auth {Value = SigningUp ses, + Expires = None, + Secure = M.secureCookies}; signupDetails after | Some (LoggedIn login) => if login.Session <> ses then @@ -219,9 +237,12 @@ if invalid then error Invalid or expired session else - dml (UPDATE session - SET Identifier = {[Some ident]} + dml (DELETE FROM session WHERE Id = {[login.Session]}); + ses <- newSession (Some ident); + setCookie auth {Value = LoggedIn ({User = login.User} ++ ses), + Expires = None, + Secure = M.secureCookies}; redirect (bless after) | None => error Missing session cookie @@ -254,14 +275,6 @@ redirect (bless after) | None => error Missing session cookie - fun newSession () = - ses <- nextval sessionIds; - now <- now; - key <- rand; - dml (INSERT INTO session (Id, Key, Identifier, Expires) - VALUES ({[ses]}, {[key]}, NULL, {[addSeconds now M.sessionLifetime]})); - return {Session = ses, Key = key} - fun logon after r = ident <- oneOrNoRowsE1 (SELECT (identity.Identifier) FROM identity @@ -270,7 +283,7 @@ case ident of None => error Username not found | Some ident => - ses <- newSession (); + ses <- newSession None; setCookie auth {Value = LoggedIn (r ++ ses), Expires = None, Secure = M.secureCookies}; @@ -285,7 +298,7 @@ error Login with your identity provider failed: {[msg]} fun doSignup after r = - ses <- newSession (); + ses <- newSession None; setCookie auth {Value = SigningUp ses, Expires = None, Secure = M.secureCookies};