def session_set(): global G_SESSION, G_USER id_is_good = False # get cookies c = Cookie.SimpleCookie() c.load(os.environ["HTTP_COOKIE"]) #print "Content-type: text/html\n" #print "name =",c,"<BR>" # if hash value given by browser then check to see if it is OK. cookie_name=include.get_cookie_prefix()+'_session_hash' if c.has_key(cookie_name): cursor = include.dbh.cursor(cursorclass=MySQLdb.cursors.DictCursor) cursor.execute("SELECT user_id,session_hash,ip_addr,time FROM session WHERE session_hash='"+c[cookie_name].value+"'") row = cursor.fetchone() cursor.close() # does hash value exists if row is not None: if session_checkip(row['ip_addr'], os.environ['REMOTE_ADDR']): id_is_good = True if id_is_good: G_SESSION = row session_setglobals(G_SESSION['user_id']) else: G_SESSION = {} G_USER = {}
def session_set(): global G_SESSION, G_USER id_is_good = False # get cookies c = Cookie.SimpleCookie() c.load(os.environ["HTTP_COOKIE"]) # if hash value given by browser then check to see if it is OK. cookie_name=include.get_cookie_prefix()+'_session_hash' if c.has_key(cookie_name): current_time = time.time() cursor = include.dbh.cursor(cursorclass=MySQLdb.cursors.DictCursor) cursor.execute( "SELECT user_id,session_hash,ip_addr,time FROM session WHERE session_hash=%s AND time + %s > %s ", (c[cookie_name].value, include.sys_session_lifetime, current_time) ) row = cursor.fetchone() cursor.close() # does hash value exists if row is not None: id_is_good = True if id_is_good: G_SESSION = row session_setglobals(G_SESSION['user_id']) else: G_SESSION = {} G_USER = {}
def session_set(): global G_SESSION, G_USER id_is_good = False # get cookies c = Cookie.SimpleCookie() c.load(os.environ["HTTP_COOKIE"]) #print "Content-type: text/html\n" #print "name =",c,"<BR>" # if hash value given by browser then check to see if it is OK. cookie_name = include.get_cookie_prefix() + '_session_hash' if c.has_key(cookie_name): cursor = include.dbh.cursor(cursorclass=MySQLdb.cursors.DictCursor) cursor.execute( "SELECT user_id,session_hash,ip_addr,time FROM session WHERE session_hash='" + c[cookie_name].value + "'") row = cursor.fetchone() cursor.close() # does hash value exists if row is not None: if session_checkip(row['ip_addr'], os.environ['REMOTE_ADDR']): id_is_good = True if id_is_good: G_SESSION = row session_setglobals(G_SESSION['user_id']) else: G_SESSION = {} G_USER = {}
def session_set(): global G_SESSION, G_USER id_is_good = False # get cookies c = Cookie.SimpleCookie() c.load(os.environ["HTTP_COOKIE"]) # if hash value given by browser then check to see if it is OK. cookie_name = include.get_cookie_prefix() + '_session_hash' if c.has_key(cookie_name): cursor = include.dbh.cursor(cursorclass=MySQLdb.cursors.DictCursor) cursor.execute( "SELECT user_id,session_hash,ip_addr,time FROM session WHERE session_hash=%s", c[cookie_name].value) row = cursor.fetchone() cursor.close() # does hash value exists if row is not None: id_is_good = True if id_is_good: G_SESSION = row session_setglobals(G_SESSION['user_id']) else: G_SESSION = {} G_USER = {}
def session_set(): global G_SESSION, G_USER id_is_good = False # get cookies c = Cookie.SimpleCookie() c.load(os.environ["HTTP_COOKIE"]) # if hash value given by browser then check to see if it is OK. cookie_name = include.get_cookie_prefix() + '_session_hash' if cookie_name in c: session_identifier_parts = c[cookie_name].value.split('.') if len(session_identifier_parts) != 2: G_SESSION = {} G_USER = {} return None (session_id, session_token) = session_identifier_parts current_time = time.time() cursor = include.dbh.cursor(cursorclass=MySQLdb.cursors.DictCursor) cursor.execute( "SELECT * FROM session WHERE id = %s AND time + %s > %s", (session_id, include.sys_session_lifetime, current_time)) row = cursor.fetchone() cursor.close() hashed_session_token = hashlib.sha256(session_token).hexdigest() if row is not None and include.constant_time_str_compare( row['session_hash'], hashed_session_token): id_is_good = True if id_is_good: G_SESSION = row session_setglobals(G_SESSION['user_id']) else: G_SESSION = {} G_USER = {}
def session_set(): global G_SESSION, G_USER id_is_good = False # get cookies c = Cookie.SimpleCookie() c.load(os.environ["HTTP_COOKIE"]) # if hash value given by browser then check to see if it is OK. cookie_name = include.get_cookie_prefix()+'_session_hash' if cookie_name in c: session_identifier_parts = c[cookie_name].value.split('.') if len(session_identifier_parts) != 2: G_SESSION = {} G_USER = {} return None (session_id, session_token) = session_identifier_parts current_time = time.time() cursor = include.dbh.cursor(cursorclass=MySQLdb.cursors.DictCursor) cursor.execute( "SELECT * FROM session WHERE id = %s AND time + %s > %s", (session_id, include.sys_session_lifetime, current_time) ) row = cursor.fetchone() cursor.close() hashed_session_token = hashlib.sha256(session_token).hexdigest() if row is not None and include.constant_time_str_compare(row['session_hash'], hashed_session_token): id_is_good = True if id_is_good: G_SESSION = row session_setglobals(G_SESSION['user_id']) else: G_SESSION = {} G_USER = {}