aggressive-murja > 3ea38a21123c94c96eeb0748109073ca7a6b0da0 diff

diff of 3ea38a21123c94c96eeb0748109073ca7a6b0da0

3ea38a21123c94c96eeb0748109073ca7a6b0da0
diff --git a/resources/sql/session-fns.sql b/resources/sql/session-fns.sql
index 9e66362..b6bf9c6 100644
--- a/resources/sql/session-fns.sql
+++ b/resources/sql/session-fns.sql
@@ -18,8 +18,8 @@ join blog.users usr on ss.owner = usr.id
 where usr.username = $2 AND ss.session_key = $3 AND $1 < ss.expires_at;
 
 -- name: login-query-session*
--- count: single
-select ss.session_key
+-- returns: :array-hash
+select ss.session_key, ss.expires_at - $1 AS max_age
 from blog.serialized_session ss
 join blog.users usr on ss.owner = usr.id 
 where usr.username = $2 AND $1 < ss.expires_at;
diff --git a/src/routes/login-routes.lisp b/src/routes/login-routes.lisp
index 122e28e..3a48770 100644
--- a/src/routes/login-routes.lisp
+++ b/src/routes/login-routes.lisp
@@ -13,17 +13,22 @@
 
 (defun get-session-key (username)
   "Creates a new db-backed session for new logins"
-  (let ((old-session (murja.session.db:login-query-session* (murja.session.db:now) username)))
-    (when old-session
-      (log:error "~a tried to log in with an existing session" username))
-    
-    (unless old-session
-      (let* ((session-data (first (coerce (murja.session.db:insert-session* (murja.session.db:now) username) 'list)))
-	     (key (gethash "session_key" session-data))
-	     (max-age (gethash "max_age" session-data)))
-	(multiple-value-bind (year month day hour min sec ms)
-	    (simple-date:decode-interval max-age)
-	  (values key (lisp-fixup:to-secs year month day hour min sec ms)))))))
+  (let ((old-sessions (coerce (murja.session.db:login-query-session* (murja.session.db:now) username) 'list)))
+    (if old-sessions
+	;; logging in from a new device? return the old session-key and expiration
+	(let* ((session-key (gethash "session_key" (first old-sessions)))
+	       (age (gethash "max_age" (first old-sessions))))
+	  (multiple-value-bind (year month day hour min sec ms)
+	      (simple-date:decode-interval age)
+	    (values session-key (lisp-fixup:to-secs year month day hour min sec ms))))
+	
+	;; a fresh session!
+	(let* ((session-data (first (coerce (murja.session.db:insert-session* (murja.session.db:now) username) 'list)))
+	       (key (gethash "session_key" session-data))
+	       (max-age (gethash "max_age" session-data)))
+	  (multiple-value-bind (year month day hour min sec ms)
+	      (simple-date:decode-interval max-age)
+	    (values key (lisp-fixup:to-secs year month day hour min sec ms)))))))
 
 (defroute post-login ("/api/login/login" :method :post :decorators (@test-now @transaction @json)) ()
   (let* ((body (hunchentoot:raw-post-data :force-text t))