Fixed some minor session handling issues

2 files changed, 4 insertions, 3 deletions

diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua
index 7692dd226..296c7624d 100644
--- a/libs/web/luasrc/dispatcher.lua
+++ b/libs/web/luasrc/dispatcher.lua
@@ -182,7 +182,7 @@ function dispatch(request)
 		 
 		local def  = (type(track.sysauth) == "string") and track.sysauth
 		local accs = def and {track.sysauth} or track.sysauth
-		local sess = luci.http.getcookie("sysauth")
+		local sess = ctx.authsession or luci.http.getcookie("sysauth")
 		sess = sess and sess:match("^[A-F0-9]+$")
 		local user = sauth.read(sess)
 		
@@ -197,6 +197,7 @@ function dispatch(request)
 					if not sess then
 						sauth.write(sid, user)
 					end
+					ctx.authsession = sid
 				end
 			else
 				luci.http.status(403, "Forbidden")
diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua
index 0ac236753..b724bf2d2 100644
--- a/libs/web/luasrc/sauth.lua
+++ b/libs/web/luasrc/sauth.lua
@@ -23,7 +23,7 @@ require("luci.config")
 
 luci.config.sauth = luci.config.sauth or {}
 sessionpath = luci.config.sauth.sessionpath
-sessiontime = tonumber(luci.config.sauth.sessiontime)
+sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60
 
 --- Manually clean up expired sessions.
 function clean()
@@ -57,10 +57,10 @@ end
 -- @param id	Session identifier
 -- @return		Session data
 function read(id)
+	clean()
 	if not id or not sane(sessionpath .. "/" .. id) then
 		return
 	end
-	clean()
 	return luci.fs.readfile(sessionpath .. "/" .. id)
 end