[FIX] potential bug in server-side web framework, now forbids users to call method when not authentified

bzr revid: nicolas.vanhoren@openerp.com-20131018125727-qtkzkiwkhw4z78kr

addons/web/http.py

@@ -189,6 +189,8 @@ class WebRequest(object):
 
 def auth_method_user():
     request.uid = request.session.uid
+    if not request.uid:
+        raise SessionExpiredException("Session expired")
 
 def auth_method_admin():
     if not request.db: