]> jfr.im git - irc/quakenet/qwebirc.git/blobdiff - js/auth.js
projects / irc / quakenet / qwebirc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
switch to using sessionStorage for login tickets + store qticket in there instead...
[irc/quakenet/qwebirc.git] / js / auth.js
diff --git a/js/auth.js b/js/auth.js
index 29fb97efa71f50cf592801a5b04da241a886a267..31114eb35c2fc390ca46dd6a38608b6581aec66d 100644 (file)
--- a/js/auth.js
+++ b/js/auth.js
@@ -1,8 +1,29 @@
-qwebirc.auth.loggedin = function() {
-  var user = Cookie.read("user");
-  var expiry = Cookie.read("loggedin");
-  if(user && expiry)
-    return user;
+qwebirc.auth.loggedin = function(uiUsage) {
+  if (typeof sessionStorage === "undefined") {
+    return;
+  }
+
+  var ticket = sessionStorage.getItem("qticket");
+  var user = sessionStorage.getItem("qticket_username");
+  var expiry = sessionStorage.getItem("qticket_expiry");
+
+  if (ticket === null) {
+    return;
+  }
+
+  if (uiUsage) {
+    if (Date.now() > expiry) {
+      sessionStorage.removeItem("qticket");
+      sessionStorage.removeItem("qticket_username");
+      sessionStorage.removeItem("qticket_expiry");
+      return;
+    }
+  } else {
+    /* if our ticket expired after we've shown it to the user: send it anyway */
+    /* we have a small grace period, and the server will tell the user if has really expired */
+  }
+
+  return [user, ticket];
 }
 
 qwebirc.auth.enabled = function() {
Unnamed repository; edit this file 'description' to name the repository.