2011-06-27 01:00:24 +08:00
|
|
|
from django.conf import settings
|
|
|
|
from django.contrib.sessions.backends.base import SessionBase
|
2015-01-28 20:35:27 +08:00
|
|
|
from django.core import signing
|
2011-06-27 01:00:24 +08:00
|
|
|
|
|
|
|
|
|
|
|
class SessionStore(SessionBase):
|
|
|
|
|
|
|
|
def load(self):
|
|
|
|
"""
|
|
|
|
We load the data from the key itself instead of fetching from
|
|
|
|
some external data store. Opposite of _get_session_key(),
|
|
|
|
raises BadSignature if signature fails.
|
|
|
|
"""
|
|
|
|
try:
|
2016-03-29 06:33:29 +08:00
|
|
|
return signing.loads(
|
|
|
|
self.session_key,
|
2013-08-22 08:12:19 +08:00
|
|
|
serializer=self.serializer,
|
2012-10-28 01:18:03 +08:00
|
|
|
# This doesn't handle non-default expiry dates, see #19201
|
2011-06-27 01:00:24 +08:00
|
|
|
max_age=settings.SESSION_COOKIE_AGE,
|
2016-03-29 06:33:29 +08:00
|
|
|
salt='django.contrib.sessions.backends.signed_cookies',
|
|
|
|
)
|
2015-03-12 01:46:39 +08:00
|
|
|
except Exception:
|
|
|
|
# BadSignature, ValueError, or unpickling exceptions. If any of
|
|
|
|
# these happen, reset the session.
|
2011-06-27 01:00:24 +08:00
|
|
|
self.create()
|
|
|
|
return {}
|
|
|
|
|
|
|
|
def create(self):
|
|
|
|
"""
|
2017-01-25 04:31:57 +08:00
|
|
|
To create a new key, set the modified flag so that the cookie is set
|
|
|
|
on the client for the current request.
|
2011-06-27 01:00:24 +08:00
|
|
|
"""
|
|
|
|
self.modified = True
|
|
|
|
|
|
|
|
def save(self, must_create=False):
|
|
|
|
"""
|
2017-01-25 04:31:57 +08:00
|
|
|
To save, get the session key as a securely signed string and then set
|
|
|
|
the modified flag so that the cookie is set on the client for the
|
2011-06-27 01:00:24 +08:00
|
|
|
current request.
|
|
|
|
"""
|
|
|
|
self._session_key = self._get_session_key()
|
|
|
|
self.modified = True
|
|
|
|
|
|
|
|
def exists(self, session_key=None):
|
|
|
|
"""
|
|
|
|
This method makes sense when you're talking to a shared resource, but
|
|
|
|
it doesn't matter when you're storing the information in the client's
|
|
|
|
cookie.
|
|
|
|
"""
|
|
|
|
return False
|
|
|
|
|
|
|
|
def delete(self, session_key=None):
|
|
|
|
"""
|
2017-01-25 04:31:57 +08:00
|
|
|
To delete, clear the session key and the underlying data structure
|
2011-06-27 01:00:24 +08:00
|
|
|
and set the modified flag so that the cookie is set on the client for
|
|
|
|
the current request.
|
|
|
|
"""
|
|
|
|
self._session_key = ''
|
|
|
|
self._session_cache = {}
|
|
|
|
self.modified = True
|
|
|
|
|
|
|
|
def cycle_key(self):
|
|
|
|
"""
|
2017-01-25 04:31:57 +08:00
|
|
|
Keep the same data but with a new key. Call save() and it will
|
|
|
|
automatically save a cookie with a new key at the end of the request.
|
2011-06-27 01:00:24 +08:00
|
|
|
"""
|
|
|
|
self.save()
|
|
|
|
|
|
|
|
def _get_session_key(self):
|
|
|
|
"""
|
2017-01-25 04:31:57 +08:00
|
|
|
Instead of generating a random string, generate a secure url-safe
|
|
|
|
base64-encoded string of data as our session key.
|
2011-06-27 01:00:24 +08:00
|
|
|
"""
|
|
|
|
session_cache = getattr(self, '_session_cache', {})
|
2016-03-29 06:33:29 +08:00
|
|
|
return signing.dumps(
|
|
|
|
session_cache, compress=True,
|
2011-11-18 05:16:42 +08:00
|
|
|
salt='django.contrib.sessions.backends.signed_cookies',
|
2016-03-29 06:33:29 +08:00
|
|
|
serializer=self.serializer,
|
|
|
|
)
|
2012-10-28 05:12:08 +08:00
|
|
|
|
|
|
|
@classmethod
|
|
|
|
def clear_expired(cls):
|
|
|
|
pass
|