save “stay_logged_in” in the session

Since sessions are rebuilt, e.g. when you try to post a blank
comment and therefore receive an error message, the session will
be overwritten without the old max_age.

2 files changed, 9 insertions, 3 deletions

diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index d276a074..d54762b0 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -89,7 +89,7 @@ def login(request):
             if user:
                 # set up login in session
                 if login_form.stay_logged_in.data:
-                    request.session.max_age = 30 * 24 * 60 * 60
+                    request.session['stay_logged_in'] = True
                 request.session['user_id'] = unicode(user.id)
                 request.session.save()
 
diff --git a/mediagoblin/tools/session.py b/mediagoblin/tools/session.py
index ccf96443..d79afb66 100644
--- a/mediagoblin/tools/session.py
+++ b/mediagoblin/tools/session.py
@@ -21,10 +21,11 @@ import crypto
 
 _log = logging.getLogger(__name__)
 
+MAX_AGE = 30 * 24 * 60 * 60
+
 class Session(dict):
     def __init__(self, *args, **kwargs):
         self.send_new_cookie = False
-        self.max_age = None
         dict.__init__(self, *args, **kwargs)
 
     def save(self):
@@ -65,5 +66,10 @@ class SessionManager(object):
         elif not session:
             response.delete_cookie(self.cookie_name)
         else:
+            if session.get('stay_logged_in', False):
+                max_age = MAX_AGE
+            else:
+                max_age = None
+
             response.set_cookie(self.cookie_name, self.signer.dumps(session),
-                max_age=session.max_age, httponly=True)
+                max_age=max_age, httponly=True)