summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--libs/web/luasrc/dispatcher.lua3
-rw-r--r--libs/web/luasrc/sauth.lua4
2 files changed, 4 insertions, 3 deletions
diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua
index 7692dd226..296c7624d 100644
--- a/libs/web/luasrc/dispatcher.lua
+++ b/libs/web/luasrc/dispatcher.lua
@@ -182,7 +182,7 @@ function dispatch(request)
local def = (type(track.sysauth) == "string") and track.sysauth
local accs = def and {track.sysauth} or track.sysauth
- local sess = luci.http.getcookie("sysauth")
+ local sess = ctx.authsession or luci.http.getcookie("sysauth")
sess = sess and sess:match("^[A-F0-9]+$")
local user = sauth.read(sess)
@@ -197,6 +197,7 @@ function dispatch(request)
if not sess then
sauth.write(sid, user)
end
+ ctx.authsession = sid
end
else
luci.http.status(403, "Forbidden")
diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua
index 0ac236753..b724bf2d2 100644
--- a/libs/web/luasrc/sauth.lua
+++ b/libs/web/luasrc/sauth.lua
@@ -23,7 +23,7 @@ require("luci.config")
luci.config.sauth = luci.config.sauth or {}
sessionpath = luci.config.sauth.sessionpath
-sessiontime = tonumber(luci.config.sauth.sessiontime)
+sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60
--- Manually clean up expired sessions.
function clean()
@@ -57,10 +57,10 @@ end
-- @param id Session identifier
-- @return Session data
function read(id)
+ clean()
if not id or not sane(sessionpath .. "/" .. id) then
return
end
- clean()
return luci.fs.readfile(sessionpath .. "/" .. id)
end