# HG changeset patch # User Marcin Kuzminski # Date 2012-07-16 16:47:36 # Node ID 44678a64cfaea9e2545b2bb8c0b0dc68f70b3229 # Parent 0ffcbeb76e4faf537c72c00669f09bfc5de3f415 Use HttpFound response in login. - redirect_to lacks possibility to pass headers - use those headers for proper Set-Cookie handling diff --git a/rhodecode/controllers/login.py b/rhodecode/controllers/login.py --- a/rhodecode/controllers/login.py +++ b/rhodecode/controllers/login.py @@ -25,9 +25,10 @@ import logging import formencode +import datetime from formencode import htmlfill - +from webob.exc import HTTPFound from pylons.i18n.translation import _ from pylons.controllers.util import abort, redirect from pylons import request, response, session, tmpl_context as c, url @@ -41,6 +42,7 @@ from rhodecode.model.user import UserMod from rhodecode.model.meta import Session + log = logging.getLogger(__name__) @@ -62,6 +64,7 @@ class LoginController(BaseController): # import Login Form validator class login_form = LoginForm() try: + session.invalidate() c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result['username'] 
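Review bot: In the `@@ -62,6 +64,7 @@` hunk, `session.invalidate()` is the first statement inside `try:`, before `login_form.to_python(dict(request.POST))` has checked the credentials, so every POST to this action discards the caller's current session, including a failed one. Starting a fresh session at login is a sound defence against session fixation, but it only needs to happen once authentication has succeeded. Unless the pre-validation placement is deliberate, move the call to just after the `to_python(...)` line and document the intent with a comment such as `# start a fresh session on successful login (session fixation defence)`. Whether anything stored in the pre-login session has to survive a failed attempt is not visible here, since the method starts and continues outside the hunk.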
@@ -70,22 +73,33 @@ class LoginController(BaseController): auth_user.set_authenticated() cs = auth_user.get_cookie_store() session['rhodecode_user'] = cs + user.update_lastlogin() + Session().commit() + # If they want to be remembered, update the cookie if c.form_result['remember'] is not False: - session.cookie_expires = False - session._set_cookie_values() - session._update_cookie_out() + _year = (datetime.datetime.now() + + datetime.timedelta(seconds=60 * 60 * 24 * 365)) + session._set_cookie_expires(_year) + session.save() log.info('user %s is now authenticated and stored in ' 'session, session attrs %s' % (username, cs)) - user.update_lastlogin() - Session.commit() + + # dumps session attrs back to cookie + session._update_cookie_out() + + # we set new cookie + headers = None + if session.request['set_cookie']: + # send set-cookie headers back to response to update cookie + headers = [('Set-Cookie', session.request['cookie_out'])] if c.came_from: - return redirect(c.came_from) + raise HTTPFound(location=c.came_from, headers=headers) else: - return redirect(url('home')) + raise HTTPFound(location=url('home'), headers=headers) except formencode.Invalid, errors: return htmlfill.render( @@ -115,7 +129,7 @@ class LoginController(BaseController): UserModel().create_registration(form_result) h.flash(_('You have successfully registered into rhodecode'), category='success') - Session.commit() + Session().commit() return redirect(url('login_home')) except formencode.Invalid, errors:
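Review bot: In the `@@ -70,22 +73,33 @@` hunk, `c.came_from` goes straight into `raise HTTPFound(location=c.came_from, headers=headers)`, as it did with the old `redirect(c.came_from)`, and nothing visible checks where it points. Its assignment is outside the hunk, but if it is filled from a request parameter, the login action will send a freshly authenticated user to whatever absolute URL the link carried (an open redirect). Constrain it to a local path before raising, e.g. `target = c.came_from if c.came_from and c.came_from.startswith('/') and not c.came_from.startswith('//') else url('home')` followed by `raise HTTPFound(location=target, headers=headers)`. A stricter variant parses the value and requires an empty scheme and host. The enclosing method starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.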