streetsign_server.user_session

Higher level functions for working with users, logging in, sessions, etc.

streetsign_server.user_session

factor out the session handling stuff, so that the views don’t need to worry about it.

exception streetsign_server.user_session.NotLoggedIn

Basic exception for when you MUST be logged in, but aren’t.

streetsign_server.user_session.get_user()

if the user’s session cookie thinks they’re not logged in, raise NotLoggedIn. if the user thinks they are logged in, confirm against the server that they have an active session that we know about, and if not, clear the session they think they have. (Protection against session hi-jacking, and against changing your session user so something it shouldn’t be. The encrypted sessions should not allow this anyway, but this is an extra precaution, for double paranoia.

streetsign_server.user_session.is_admin()

check session against db that the current user is an admin. Doesn’t raise any exceptions, simply returns False if there is an issue

streetsign_server.user_session.logged_in()

is there a ‘logged_in’ in the user’s session cookie?

streetsign_server.user_session.login(username, password)

given a username and password, try to log in (via the db), create a new session id, and set all required session cookie values. Fails with a models password exception if not valid.

streetsign_server.user_session.logout()

remove our current session from the database session list, and clear all relevant session cookie vars.