def new_session(db, username):
"""
Generate new session and a cookie to the request.
User must exist in the database, otherwise return None.
There should only be one active session per user at any point,
if there is already a session active, use the existing
session id from the cookie
"""
# Check for valid user
cursor = db.cursor()
query = "SELECT username FROM users WHERE username = ?"
cursor.execute(query, (username,))
user = cursor.fetchone()
if not user:
return None
# Check for existing session from user, otherwise generate new session
query = "SELECT sessionid FROM sessions WHERE username = ?"
cursor.execute(query, (username,))
session = cursor.fetchone()
if session:
session_id = session[0]
else:
session_id = str(uuid.uuid4())
query = "INSERT INTO sessions (sessionid, username) VALUES (?, ?)"
cursor.execute(query, (session_id, user[0]))
db.commit()
response.set_cookie(COOKIE, session_id)
return session_id
def delete_session(db, username):
"""
Remove all sessions for a user
"""
cursor = db.cursor()
query = "DELETE FROM sessions WHERE username = ?"
cursor.execute(query, (username,))
db.commit()
session_id = request.get_cookie(COOKIE)
response.set_cookie(COOKIE, session_id, expires=0)
