From 0e8493587628efc182e72f9502e7206cf0dcea1b Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jbjohnso@us.ibm.com>
Date: Wed, 29 Jan 2014 09:12:06 -0500
Subject: [PATCH] Report on bad session ids

If an authorized user tries to use a session id that isn't recognized
(for example, a laptop coming out of suspend), cleanly return error
rather than traceback.
---
 confluent/httpapi.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/confluent/httpapi.py b/confluent/httpapi.py
index 357fe81e..d30a7d74 100644
--- a/confluent/httpapi.py
+++ b/confluent/httpapi.py
@@ -217,12 +217,18 @@ def resourcehandler(env, start_response):
             for idx in xrange(0, len(querydict['keys']), 2):
                 input += chr(int(querydict['keys'][idx:idx+2],16))
             sessid = querydict['session']
+            if sessid not in consolesessions:
+                start_response('400 Expired Session', headers)
+                return
             consolesessions[sessid]['expiry'] = time.time() + 90
             consolesessions[sessid]['session'].write(input)
             start_response('200 OK', headers)
             return # client has requests to send or receive, not both...
         else: #no keys, but a session, means it's hooking to receive data
             sessid = querydict['session']
+            if sessid not in consolesessions:
+                start_response('400 Expired Session', headers)
+                return
             consolesessions[sessid]['expiry'] = time.time() + 90
             outdata = consolesessions[sessid]['session'].get_next_output(timeout=45)
             try: