expire cookie when bugzilla token is missing/expired

[willkg]

When you log into Ernest, it turns around and logs you into Bugzilla. It keeps the Bugzilla token in cache and gives you an Ernest session cookie.

It's possible for the Bugzilla token to expire or go away. In this instance, your Ernest session cookie should also expire/go away.

This is most easily reproducible when using simple cache. If you run ernest, log into bugzilla, kill ernest, then re-run ernest, then ernest has forgotten your bugzilla token, but you still have a login cookie.

This should get fixed.

[willkg]

There's another issue here where I think we're not caching the Bugzilla tokens correctly and they're expiring from cache.

[willkg]

I looked into it a bit and decided the easiest way to deal with all this is to rewrite all the cache/cookie/authentication code with Flask sessions. Docs on Flask sessions are here:

http://flask.pocoo.org/docs/quickstart/#sessions

That'll clean up a bunch of goofy stuff, so this is a good move.

[willkg]

Sessions are stored client-side and there's no more caching, so that fixes some of the ways this bug manifests itself. The one thing it doesn't fix is if the token expires in Bugzilla. I'm not sure how to reproduce that, so it's hard to test.

Ergo, I'm going to leave this open.