Fixed some minor session handling issues

diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua
index 7692dd2262d158725fd5da263ee0b02d5c647715..296c7624dd43a4861fd0d5a9feb4f5f021cffd16 100644 (file)
--- a/libs/web/luasrc/dispatcher.lua
+++ b/libs/web/luasrc/dispatcher.lua
@@ -182,7 +182,7 @@ function dispatch(request)
                 
                local def  = (type(track.sysauth) == "string") and track.sysauth
                local accs = def and {track.sysauth} or track.sysauth
-               local sess = luci.http.getcookie("sysauth")
+               local sess = ctx.authsession or luci.http.getcookie("sysauth")
                sess = sess and sess:match("^[A-F0-9]+$")
                local user = sauth.read(sess)
                
@@ -197,6 +197,7 @@ function dispatch(request)
                                        if not sess then
                                                sauth.write(sid, user)
                                        end
+                                       ctx.authsession = sid
                                end
                        else
                                luci.http.status(403, "Forbidden")

diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua
index 0ac236753eaff905e6cee7d303cb6b327d3de6ea..b724bf2d28e13db16af0d2da2e13935433c20553 100644 (file)
--- a/libs/web/luasrc/sauth.lua
+++ b/libs/web/luasrc/sauth.lua
@@ -23,7 +23,7 @@ require("luci.config")
 
 luci.config.sauth = luci.config.sauth or {}
 sessionpath = luci.config.sauth.sessionpath
-sessiontime = tonumber(luci.config.sauth.sessiontime)
+sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60
 
 --- Manually clean up expired sessions.
 function clean()
@@ -57,10 +57,10 @@ end
 -- @param id   Session identifier
 -- @return             Session data
 function read(id)
+       clean()
        if not id or not sane(sessionpath .. "/" .. id) then
                return
        end
-       clean()
        return luci.fs.readfile(sessionpath .. "/" .. id)
 end