django1/django/contrib/sessions/backends/file.py

import os
import tempfile
from django.conf import settings
from django.contrib.sessions.backends.base import SessionBase
from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured

class SessionStore(SessionBase):
    """
    Implements a file based session store.
    """
    def __init__(self, session_key=None):
        self.storage_path = getattr(settings, "SESSION_FILE_PATH", tempfile.gettempdir())

        # Make sure the storage path is valid.
        if not os.path.isdir(self.storage_path):
            raise ImproperlyConfigured("The session storage path %r doesn't exist. "\
                                       "Please set your SESSION_FILE_PATH setting "\
                                       "to an existing directory in which Django "\
                                       "can store session data." % self.storage_path)

        self.file_prefix = settings.SESSION_COOKIE_NAME
        super(SessionStore, self).__init__(session_key)

    def _key_to_file(self, session_key=None):
        """
        Get the file associated with this session key.
        """
        if session_key is None:
            session_key = self.session_key

        # Make sure we're not vulnerable to directory traversal. Session keys
        # should always be md5s, so they should never contain directory components.
        if os.path.sep in session_key:
            raise SuspiciousOperation("Invalid characters (directory components) in session key")

        return os.path.join(self.storage_path, self.file_prefix + session_key)

    def load(self):
        session_data = {}
        try:
            session_file = open(self._key_to_file(), "rb")
            try:
                try:
                    session_data = self.decode(session_file.read())
                except(EOFError, SuspiciousOperation):
                    self._session_key = self._get_new_session_key()
                    self._session_cache = {}
                    self.save()
                    # Ensure the user is notified via a new cookie.
                    self.modified = True
            finally:
                session_file.close()
        except(IOError):
            pass
        return session_data

    def save(self):
        try:
            f = open(self._key_to_file(self.session_key), "wb")
            try:
                f.write(self.encode(self._session))
            finally:
                f.close()
        except(IOError, EOFError):
            pass

    def exists(self, session_key):
        if os.path.exists(self._key_to_file(session_key)):
            return True
        return False

    def delete(self, session_key):
        try:
            os.unlink(self._key_to_file(session_key))
        except OSError:
            pass

    def clean(self):
        pass
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`import os`
Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-12-05 04:24:22 +08:00			`import tempfile`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`from django.conf import settings`
			`from django.contrib.sessions.backends.base import SessionBase`
Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-12-05 04:24:22 +08:00			`from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00
			`class SessionStore(SessionBase):`
			`"""`
			`Implements a file based session store.`
			`"""`
			`def __init__(self, session_key=None):`
Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-12-05 04:24:22 +08:00			`self.storage_path = getattr(settings, "SESSION_FILE_PATH", tempfile.gettempdir())`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-12-05 04:24:22 +08:00			`# Make sure the storage path is valid.`
			`if not os.path.isdir(self.storage_path):`
			`raise ImproperlyConfigured("The session storage path %r doesn't exist. "\`
			`"Please set your SESSION_FILE_PATH setting "\`
			`"to an existing directory in which Django "\`
			`"can store session data." % self.storage_path)`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
			`self.file_prefix = settings.SESSION_COOKIE_NAME`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`super(SessionStore, self).__init__(session_key)`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`def _key_to_file(self, session_key=None):`
			`"""`
			`Get the file associated with this session key.`
			`"""`
			`if session_key is None:`
			`session_key = self.session_key`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`# Make sure we're not vulnerable to directory traversal. Session keys`
			`# should always be md5s, so they should never contain directory components.`
			`if os.path.sep in session_key:`
			`raise SuspiciousOperation("Invalid characters (directory components) in session key")`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`return os.path.join(self.storage_path, self.file_prefix + session_key)`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`def load(self):`
			`session_data = {}`
			`try:`
			`session_file = open(self._key_to_file(), "rb")`
			`try:`
Fixed #5501 -- Fixed Python 2.3 and 2.4 incompatibility. Thanks, brosner. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6348 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 10:03:46 +08:00			`try:`
			`session_data = self.decode(session_file.read())`
			`except(EOFError, SuspiciousOperation):`
			`self._session_key = self._get_new_session_key()`
			`self._session_cache = {}`
			`self.save()`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00			`# Ensure the user is notified via a new cookie.`
			`self.modified = True`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`finally:`
			`session_file.close()`
			`except(IOError):`
			`pass`
			`return session_data`

			`def save(self):`
			`try:`
			`f = open(self._key_to_file(self.session_key), "wb")`
			`try:`
			`f.write(self.encode(self._session))`
			`finally:`
			`f.close()`
			`except(IOError, EOFError):`
			`pass`

			`def exists(self, session_key):`
			`if os.path.exists(self._key_to_file(session_key)):`
			`return True`
			`return False`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`def delete(self, session_key):`
			`try:`
			`os.unlink(self._key_to_file(session_key))`
			`except OSError:`
			`pass`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`def clean(self):`
Fixed #5501 -- Fixed Python 2.3 and 2.4 incompatibility. Thanks, brosner. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6348 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 10:03:46 +08:00			`pass`