-rw-r--r--mediagoblin/app.py8
-rw-r--r--mediagoblin/tools/session.py9
2 files changed, 12 insertions, 5 deletions
diff --git a/mediagoblin/app.py b/mediagoblin/app.py
index 2c772fe1..1137c0d7 100644
--- a/mediagoblin/app.py
+++ b/mediagoblin/app.py
@@ -73,6 +73,9 @@ class MediaGoblinApp(object):
# Setup other connections / useful objects
##########################################
+ # Setup Session Manager, not needed in celery
+ self.session_manager = session.SessionManager()
+
# load all available locales
setup_locales()
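Review bot: The `SessionManager` created here is now a single object shared by every request the app serves, whereas the second hunk shows each request previously built its own, so it must hold no per-request state and be safe to use from concurrent worker threads. Its constructor is outside this diff, so that is unverified here. The comment "not needed in celery" also does not match what is visible, since nothing in the hunk skips the construction for celery. I would reword it to `# One SessionManager shared by all requests; it must hold no per-request state.` The enclosing method starts and ends outside the hunk.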
@@ -157,7 +160,7 @@ class MediaGoblinApp(object):
## Attach utilities to the request object
# Do we really want to load this via middleware? Maybe?
- session_manager = session.SessionManager()
+ session_manager = self.session_manager
request.session = session_manager.load_session_from_cookie(request)
# Attach self as request.app
# Also attach a few utilities from request.app for convenience?
@@ -227,7 +230,8 @@ class MediaGoblinApp(object):
response = render_http_exeption(
request, e, e.get_description(environ))
- session_manager.save_session_to_cookie(request.session, response)
+ session_manager.save_session_to_cookie(request.session,
+ request, response)
return response(environ, start_response)
diff --git a/mediagoblin/tools/session.py b/mediagoblin/tools/session.py
index d452b851..64220ed9 100644
--- a/mediagoblin/tools/session.py
+++ b/mediagoblin/tools/session.py
@@ -58,10 +58,13 @@ class SessionManager(object):
except itsdangerous.BadData:
return Session()
- def save_session_to_cookie(self, session, response):
+ def save_session_to_cookie(self, session, request, response):
if not session.is_updated():
return
elif not session:
- response.delete_cookie(self.cookie_name)
+ response.delete_cookie(self.cookie_name,
+ path=request.environ['SCRIPT_NAME'])
else:
- response.set_cookie(self.cookie_name, self.signer.dumps(session))
+ response.set_cookie(self.cookie_name, self.signer.dumps(session),
+ path=request.environ['SCRIPT_NAME'],
+ httponly=True)
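Review bot: `request.environ['SCRIPT_NAME']` is an empty string when the application is mounted at the server root (PEP 3333 allows this), so both `set_cookie` and `delete_cookie` may emit an empty Path, and browsers then fall back to the directory of the request URL, scoping the session cookie to whichever page set it. Falling back to the root keeps the scope predictable: `path=request.environ.get('SCRIPT_NAME') or '/'`, written identically in both calls so deletion targets the cookie that was set. `httponly=True` is a sound addition, but the cookie still carries no Secure attribute, so the signed session value is sent over plain HTTP wherever the site is reachable that way; consider `secure=(request.environ['wsgi.url_scheme'] == 'https')`, adjusted if TLS is terminated at a proxy. Cookies issued before this change with the default path are not removed by the new `delete_cookie` call and may linger beside the new one.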