Software /
code /
prosody-modules
Changeset
2701:d96831e46b64
Fix #889
Some buggy clients try to resume unauthenticated sessions and
session.username is nil in this case (that caused the bug).
author | tmolitor <thilo@eightysoft.de> |
---|---|
date | Mon, 24 Apr 2017 20:56:56 +0200 (2017-04-24) |
parents | 2674:c971b2cee2cc |
children | 2702:caabb980d1d8 |
files | mod_smacks/mod_smacks.lua |
diffstat | 1 files changed, 15 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_smacks/mod_smacks.lua Fri Apr 07 23:34:40 2017 +0200 +++ b/mod_smacks/mod_smacks.lua Mon Apr 24 20:56:56 2017 +0200 @@ -49,8 +49,16 @@ if not cache then local store = {}; return { - get = function(user, key) return store[key]; end; - set = function(user, key, value) store[key] = value; end; + get = function(user, key) + if not user then return nil; end + if not key then return nil; end + return store[key]; + end; + set = function(user, key, value) + if not user then return nil; end + if not key then return nil; end + store[key] = value; + end; }; end @@ -58,12 +66,16 @@ local stores = {}; return { get = function(user, key) + if not user then return nil; end + if not key then return nil; end if not stores[user] then stores[user] = cache.new(max_entries, evict_callback); end return stores[user]:get(key); end; set = function(user, key, value) + if not user then return nil; end + if not key then return nil; end if not stores[user] then stores[user] = cache.new(max_entries, evict_callback); end stores[user]:set(key, value); -- remove empty caches completely @@ -73,7 +85,7 @@ end local old_session_registry = init_session_cache(max_old_sessions, nil); local session_registry = init_session_cache(max_hibernated_sessions, function(resumption_token, session) - if session.destroyed then return; end + if session.destroyed then return true; end -- destroyed session can always be removed from cache session.log("warn", "User has too much hibernated sessions, removing oldest session (token: %s)", resumption_token); -- store old session's h values on force delete -- save only actual h value and username/host (for security)