diff options
-rw-r--r-- | libs/web/luasrc/dispatcher.lua | 3 | ||||
-rw-r--r-- | libs/web/luasrc/sauth.lua | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index 7692dd226..296c7624d 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -182,7 +182,7 @@ function dispatch(request) local def = (type(track.sysauth) == "string") and track.sysauth local accs = def and {track.sysauth} or track.sysauth - local sess = luci.http.getcookie("sysauth") + local sess = ctx.authsession or luci.http.getcookie("sysauth") sess = sess and sess:match("^[A-F0-9]+$") local user = sauth.read(sess) @@ -197,6 +197,7 @@ function dispatch(request) if not sess then sauth.write(sid, user) end + ctx.authsession = sid end else luci.http.status(403, "Forbidden") diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua index 0ac236753..b724bf2d2 100644 --- a/libs/web/luasrc/sauth.lua +++ b/libs/web/luasrc/sauth.lua @@ -23,7 +23,7 @@ require("luci.config") luci.config.sauth = luci.config.sauth or {} sessionpath = luci.config.sauth.sessionpath -sessiontime = tonumber(luci.config.sauth.sessiontime) +sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60 --- Manually clean up expired sessions. function clean() @@ -57,10 +57,10 @@ end -- @param id Session identifier -- @return Session data function read(id) + clean() if not id or not sane(sessionpath .. "/" .. id) then return end - clean() return luci.fs.readfile(sessionpath .. "/" .. id) end |