diff --git a/shared/web/IdentitiesWeb.py b/shared/web/IdentitiesWeb.py
index 982338fd..d0d22ccd 100644
--- a/shared/web/IdentitiesWeb.py
+++ b/shared/web/IdentitiesWeb.py
@@ -557,10 +557,25 @@ class IdentitiesWeb(objects.ObjectsWebMixin, proxyIdentities.IdentitiesProxy):
 """Liberty Alliance Identity Provider Login Succeeded Method."""
 session = context.getVar('session')
+ newSession = 0
 if not session:
- return failure(_("No session"), X.roleUrl('login'))
+ newSession = 1
+ req = context.getVar('req')
+ sessionsProxy = getProxyForServerRole('sessions')
+ virtualHost = context.getVar('virtualHost')
+ try:
+ session = sessionsProxy.newSession(
+ req.connection.remote_ip,
+ serverId = virtualHost.defaultDispatcherId)
+ except: # Do a tighter check?
+ if context.getVar('debug'):
+ raise
+ return failure(_('Failed to initialize a session.'),
+ X.roleUrl('login'))
+ sessionToken = session['sessionToken']
+ context.setVar('session', session)
+ context.setVar('sessionToken', sessionToken)
- # TODO: create session if needed
 session['authenticationMethod'] = authenticationMethod
 context.setVar('userToken', userToken)
@@ -587,14 +602,18 @@ class IdentitiesWeb(objects.ObjectsWebMixin, proxyIdentities.IdentitiesProxy):
 # Non Liberty Alliance local login.
 if session.has_key('afterLoginUri') and session['afterLoginUri']:
 nextUri = session['afterLoginUri']
- canUseCookie = context.getVar('canUseCookie', default = 0)
- if not canUseCookie:
- sessionToken = context.getVar('sessionToken')
- nextUri = appendToUri(nextUri,
- 'sessionToken=' + sessionToken)
 else:
 nextUri = X.rootUrl()
- return redirect(nextUri)
+ if newSession and context.getVar('canUseCookie'):
+ url = X.roleUrl('define', action = 'testCookie')
+ url.add('nextUri', nextUri)
+ url.add('sessionToken', sessionToken)
+ context.setVar('canUseCookie', 0)
+ url = url.getAsUrl()
+ context.setVar('canUseCookie', 1)
+ return redirect(url)
+ else:
+ return redirect(nextUri)
 # Liberty Alliance login.
 authenticationRequestKeywords \
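Review bot: In the first hunk, the bare `except:` around `sessionsProxy.newSession(...)` catches every exception, including interpreter-level ones, and outside debug mode returns the generic failure page without recording the cause. The inline comment already asks for a tighter check; I would write `except Exception:  # TODO: narrow to the sessions proxy's fault type` and log the exception before returning `failure(...)`, so a broken sessions server is visible to operators during login. Separately, when a session already exists the pre-login token appears to stay in use once `session['authenticationMethod']` is set; if nothing elsewhere rotates it, issuing a fresh token at this point for that path too would guard against session fixation. The enclosing method starts and ends outside this hunk, so both points are worth confirming against the full body.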
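Review bot: In the second hunk, `url.add('sessionToken', sessionToken)` puts the freshly authenticated session token into the query string of the `testCookie` redirect, where it can end up in access logs, browser history and Referer headers even for cookie-capable browsers. The `testCookie` handler is not visible here; it should redirect to a token-free URL once the cookie is confirmed, and it should check that `nextUri` (taken from `session['afterLoginUri']`) is a local URL before following it. The `canUseCookie` toggle is also not exception-safe: if `url.getAsUrl()` raises, the flag stays 0 for the rest of the request, so I would restore it in a `finally:` block, i.e. `try:` / `url = url.getAsUrl()` / `finally: context.setVar('canUseCookie', 1)`. A short comment such as `# Force the token into the URL for the cookie-test hop only` above the toggle would explain why the flag is flipped. The enclosing method continues outside the hunk.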