implement session timeout

owrx/controllers/session.py

@@ -3,10 +3,16 @@ from urllib.parse import parse_qs, urlencode
 from uuid import uuid4
 from http.cookies import SimpleCookie
 from owrx.users import UserList
+from datetime import datetime, timedelta
+
+import logging
+
+logger = logging.getLogger(__name__)
 
 
 class SessionStorage(object):
     sharedInstance = None
+    sessionLifetime = timedelta(hours=6)
 
     @staticmethod
     def getSharedInstance():
@@ -28,10 +34,21 @@ class SessionStorage(object):
     def getSession(self, key):
         if key not in self.sessions:
             return None
-        return self.sessions[key]
+        expires, data = self.sessions[key]
+        if expires < datetime.utcnow():
+            del self.sessions[key]
+            return None
+        return data
 
     def updateSession(self, key, data):
-        self.sessions[key] = data
+        expires = datetime.utcnow() + SessionStorage.sessionLifetime
+        self.sessions[key] = expires, data
+
+    def prolongSession(self, key):
+        data = self.getSession(key)
+        if data is None:
+            raise KeyError("Invalid session key")
+        self.updateSession(key, data)
 
 
 class SessionController(WebpageController):
@@ -52,7 +69,8 @@ class SessionController(WebpageController):
                     target = self.request.query["ref"][0] if "ref" in self.request.query else "/settings"
                     if user.must_change_password:
                         target = "/pwchange?{0}".format(urlencode({"ref": target}))
-                    self.send_redirect(target, cookies=cookie)
+                    self.set_response_cookies(cookie)
+                    self.send_redirect(target)
                     return
         target = "?{}".format(urlencode({"ref": self.request.query["ref"][0]})) if "ref" in self.request.query else ""
         self.send_redirect(self.request.path + target)