When re-creating an expired session, re-use the

[citadel.git] / webcit / context_loop.c

diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index e276383f7342b1b35f9bb702853a19fac1fbd7ba..7f18c09764e39107af46feb81fde7576ff5f14b0 100644 (file)
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -441,7 +441,20 @@ void context_loop(int sock)
                memset(TheSession, 0, sizeof(struct wcsession));
                TheSession->serv_sock = (-1);
                TheSession->chat_sock = (-1);
-               TheSession->wc_session = GenerateSessionID();
+       
+               /* If we're recreating a session that expired, it's best to give it the same
+                * session number that it had before.  The client browser ought to pick up
+                * the new session number and start using it, but in some rare situations it
+                * doesn't, and that's a Bad Thing because it causes lots of spurious sessions
+                * to get created.
+                */     
+               if (desired_session == 0) {
+                       TheSession->wc_session = GenerateSessionID();
+               }
+               else {
+                       TheSession->wc_session = desired_session;
+               }
+
                strcpy(TheSession->httpauth_user, httpauth_user);
                strcpy(TheSession->httpauth_pass, httpauth_pass);
                pthread_mutex_init(&TheSession->SessionMutex, NULL);