commit:fa9730eaa94460f9e64c55f10bc9be38db228c87
author:Chip Black
committer:Chip Black
date:Thu Jul 3 16:15:42 2014 -0500
parents:c4159b65880c05a4472ffff73041e5c4341d874a
Make auth use new stringring storage
diff --git a/common/auth.c b/common/auth.c
line changes: +33/-22
index 6638748..ca4017e
--- a/common/auth.c
+++ b/common/auth.c
@@ -1,6 +1,7 @@
 /* Blerg is (C) 2011 The Dominion of Awesome, and is distributed under a
  * BSD-style license.  Please see the COPYING file for details.
  */
+#include <sys/file.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
@@ -14,6 +15,7 @@
 #include "database.h"
 #include "auth.h"
 #include "util.h"
+#include "stringring.h"
 #include "md5.h"
 
 int auth_set_password(const char *username, const char *password) {
@@ -225,7 +227,7 @@ int auth_check_scrypt(struct auth_v2 *auth, const char *username, const char *pa
 	unsigned char givenpw[SCRYPT_OUTPUT_SIZE];
 	int r;
 
-	r = crypto_scrypt(password, strlen(password), auth->salt, SCRYPT_SALT_SIZE, SCRYPT_N, SCRYPT_r, SCRYPT_p, givenpw, SCRYPT_OUTPUT_SIZE);
+	r = crypto_scrypt((const uint8_t *)password, strlen(password), auth->salt, SCRYPT_SALT_SIZE, SCRYPT_N, SCRYPT_r, SCRYPT_p, givenpw, SCRYPT_OUTPUT_SIZE);
 	if (r != 0) {
 		fprintf(stderr, "Failure in scrypt for %s\n", username);
 		return 0;
@@ -239,7 +241,6 @@ int auth_check_scrypt(struct auth_v2 *auth, const char *username, const char *pa
 
 int auth_check_password_v1(const char *username, const char *password) {
 	struct auth_v2 auth;
-	int r;
 
 	if (auth_get_password(username, (char *)auth.password) == 0)
 		return 0;
@@ -252,7 +253,6 @@ int auth_check_password_v1(const char *username, const char *password) {
 
 int auth_check_password_v2(const char *username, const char *password) {
 	struct auth_v2 auth;
-	int r;
 
 	if (auth_get_data(username, (void *) &auth, sizeof(struct auth_v2)) == 0)
 		return 0;
@@ -321,34 +321,32 @@ char *create_random_token() {
 
 char * auth_login(const char *username, const char *password) {
 	char filename[FILENAME_MAX];
-	int token_fd;
+	struct stringring *sr;
+	char *token;
+
 
 	if (!auth_check_password(username, password))
 		return NULL;
 
-	char *token = create_random_token();
-
 	snprintf(filename, FILENAME_MAX, "%s/%s/tokens", blergconf.data_path, username);
-	if (access(filename, F_OK) != 0) {
-		if (mkdir(filename, 0700) == -1) {
-			perror("Could not create auth token dir");
-			return NULL;
-		}
+	sr = stringring_open(filename);
+	if (sr == NULL) {
+		return NULL;
 	}
-
-	snprintf(filename, FILENAME_MAX, "%s/%s/tokens/%s", blergconf.data_path, username, token);
-	token_fd = open(filename, O_WRONLY | O_CREAT, 0600);
-	if (token_fd == -1) {
-		perror("Could not open token");
+	token = create_random_token();
+	if (!stringring_add(sr, token)) {
+		free(token);
+		stringring_close(sr);
 		return NULL;
 	}
-	close(token_fd);
+	stringring_close(sr);
 
 	return token;
 }
 
 int auth_logout(const char *username, const char *token) {
 	char filename[FILENAME_MAX];
+	struct stringring *sr;
 
 	if (!valid_name(username))
 		return 0;
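Review bot: In auth_login, `stringring_open(filename)` is called on the same `<data_path>/<username>/tokens` path that the removed code created as a directory with `mkdir(filename, 0700)`, so on an existing data directory the open presumably fails and every login returns NULL. That failure is now silent because the `perror` calls are gone; I would log it, e.g. `fprintf(stderr, "Could not open token store for %s\n", username);`, and note the one-time cleanup of old `tokens` directories in the upgrade notes. Separately, `token` is passed to `stringring_add` without a NULL check; create_random_token is defined outside this hunk, so confirm it cannot return NULL. The auth_logout declaration at the end of this hunk continues in the next one.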
@@ -357,18 +355,31 @@ int auth_logout(const char *username, const char *token) {
 	if (access(filename, F_OK) != 0) {
 		return 0;
 	}
-
-	snprintf(filename, FILENAME_MAX, "%s/%s/tokens/%s", blergconf.data_path, username, token);
-	if (unlink(filename) == -1)
+	sr = stringring_open(filename);
+	if (sr == NULL) {
 		return 0;
+	}
+	stringring_remove(sr, token);
+	stringring_close(sr);
 
 	return 1;
 }
 
 int auth_check_token(const char *username, const char *given_token) {
 	char filename[FILENAME_MAX];
+	struct stringring *sr;
+	int ret;
 
-	snprintf(filename, FILENAME_MAX, "%s/%s/tokens/%s", blergconf.data_path, username, given_token);
+	snprintf(filename, FILENAME_MAX, "%s/%s/tokens", blergconf.data_path, username);
+	if (access(filename, F_OK) != 0) {
+		return 0;
+	}
+	sr = stringring_open(filename);
+	if (sr == NULL) {
+		return 0;
+	}
+	ret = (stringring_find(sr, given_token, AUTHENTICATION_TIMEOUT) != -1);
+	stringring_close(sr);
 
-	return (access(filename, F_OK) == 0);
+	return ret;
 }
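Review bot: auth_check_token formats `username` into the path given to `access` and `stringring_open` without the `valid_name(username)` guard that auth_logout applies, so unless every caller validates the name first, the path can resolve outside the user's own directory. I would add `if (!valid_name(username)) return 0;` before the `snprintf`. In auth_logout (whose opening lines are above this hunk) the result of `stringring_remove(sr, token)` is dropped and the function returns 1 unconditionally, whereas the removed `unlink` path returned 0 on failure. If stringring_remove reports whether the token was found, return that value so a caller can tell when a session was not actually invalidated. The token comparison inside `stringring_find` is not visible here; it is worth confirming that it does not leak the match position through timing.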

diff --git a/config.h b/config.h
line changes: +2/-0
index b0e00bd..c907f35
--- a/config.h
+++ b/config.h
@@ -14,4 +14,6 @@
 #define MAX_TAG_LENGTH 64
 #define MAX_TAGS_PER_RECORD 1024
 
+#define AUTHENTICATION_TIMEOUT 3600  /* Time out the user's session after one hour */
+
 #endif //_CONFIG_H