# HG changeset patch
# User bsw
# Date 1343908721 -7200
# Node ID 0eef836b8f5489db6ba525d5086554834987de60
# Parent 268b74abaceb67a6e4f9b80bf79be3b856f18d6b
Pay attention to session_key submitted in POST body

diff -r 268b74abaceb -r 0eef836b8f54 lfapi.js
--- a/lfapi.js Tue Jul 31 11:51:46 2012 +0200
+++ b/lfapi.js Thu Aug 02 13:58:41 2012 +0200
@@ -34,16 +34,6 @@

 req.sessions = sessions;

- // session handling
- if (params.session_key) {
- if (sessions[params.session_key]) {
- req.current_member_id = sessions[params.session_key];
- req.current_access_level = 'member'
- } else {
- main.respond('json', null, req, res, 'forbidden', 'Invalid session key');
- }
- }
-
 // pick cookies from http headers
 var cookies = {};
 if (req.headers.cookie) {
@@ -53,8 +43,6 @@
 });
 };

- console.log(req.socket._idleStart, req.socket.remoteAddress, req.current_member_id, req.current_access_level, req.method, url_info.pathname, url_info.query);
-
 var body = '';
 req.on('data', function (data) {
 body += data;
@@ -65,6 +53,20 @@
 params[key] = post_params[key];
 };

+ console.log(req.socket._idleStart, req.socket.remoteAddress, req.current_member_id, req.current_access_level, req.method, url_info.pathname, url_info.query);
+
+ // session handling
+ if (params.session_key) {
+ if (sessions[params.session_key]) {
+ req.current_member_id = sessions[params.session_key];
+ req.current_access_level = 'member'
+ } else {
+ main.respond('json', null, req, res, 'forbidden', 'Invalid session key');
+ }
+ }
+
+
+
 if (['POST', 'DELETE'].includes(params.http_method)) {
 req.method = params.http_method;
 }
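Review bot: The `else` branch of the session check added in the last hunk sends the 'forbidden' response but does not stop, so control falls through to the `http_method` override and whatever follows; add `return;` directly after the `main.respond(...)` call. The enclosing callback starts above the hunk and continues below it, so whether a second response or an unauthenticated dispatch actually follows cannot be confirmed from here. The `console.log` line now sits before the session block, so `req.current_member_id` and `req.current_access_level` are logged before this code assigns them, and the same line writes `url_info.query` to the log, which would presumably include a `session_key` sent in the URL; move the log below the session block and drop the key from what is printed. If `sessions` is a plain object (its definition is not in the hunk), the truthiness test also accepts inherited property names, so the lookup should be limited to own entries: `if (Object.prototype.hasOwnProperty.call(sessions, params.session_key)) {`.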