2007-09-26 07:16:11 +08:00
|
|
|
import base64
|
2006-05-02 09:31:56 +08:00
|
|
|
import cPickle as pickle
|
2007-09-26 07:16:11 +08:00
|
|
|
|
2006-05-02 09:31:56 +08:00
|
|
|
from django.db import models
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
2006-05-02 09:31:56 +08:00
|
|
|
from django.conf import settings
|
2008-08-02 13:56:57 +08:00
|
|
|
from django.utils.hashcompat import md5_constructor
|
2006-05-02 09:31:56 +08:00
|
|
|
|
2008-06-23 13:08:07 +08:00
|
|
|
|
2006-05-02 09:31:56 +08:00
|
|
|
class SessionManager(models.Manager):
|
|
|
|
|
def encode(self, session_dict):
|
2008-06-23 13:08:07 +08:00
|
|
|
"""
|
|
|
|
|
Returns the given session dictionary pickled and encoded as a string.
|
|
|
|
|
"""
|
2006-05-02 09:31:56 +08:00
|
|
|
pickled = pickle.dumps(session_dict)
|
2008-08-02 13:56:57 +08:00
|
|
|
pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
|
2006-05-02 09:31:56 +08:00
|
|
|
return base64.encodestring(pickled + pickled_md5)
|
|
|
|
|
|
|
|
|
|
def save(self, session_key, session_dict, expire_date):
|
|
|
|
|
s = self.model(session_key, self.encode(session_dict), expire_date)
|
|
|
|
|
if session_dict:
|
|
|
|
|
s.save()
|
|
|
|
|
else:
|
|
|
|
|
s.delete() # Clear sessions with no data.
|
|
|
|
|
return s
|
|
|
|
|
|
2008-06-23 13:08:07 +08:00
|
|
|
|
2006-05-02 09:31:56 +08:00
|
|
|
class Session(models.Model):
|
2006-07-20 11:32:24 +08:00
|
|
|
"""
|
|
|
|
|
Django provides full support for anonymous sessions. The session
|
|
|
|
|
framework lets you store and retrieve arbitrary data on a
|
|
|
|
|
per-site-visitor basis. It stores data on the server side and
|
|
|
|
|
abstracts the sending and receiving of cookies. Cookies contain a
|
|
|
|
|
session ID -- not the data itself.
|
2006-06-20 12:07:32 +08:00
|
|
|
|
2006-07-20 11:32:24 +08:00
|
|
|
The Django sessions framework is entirely cookie-based. It does
|
|
|
|
|
not fall back to putting session IDs in URLs. This is an intentional
|
|
|
|
|
design decision. Not only does that behavior make URLs ugly, it makes
|
|
|
|
|
your site vulnerable to session-ID theft via the "Referer" header.
|
2006-06-20 12:07:32 +08:00
|
|
|
|
2006-07-20 11:32:24 +08:00
|
|
|
For complete documentation on using Sessions in your code, consult
|
|
|
|
|
the sessions documentation that is shipped with Django (also available
|
2010-10-09 16:12:50 +08:00
|
|
|
on the Django Web site).
|
2006-06-20 12:07:32 +08:00
|
|
|
"""
|
2008-06-23 13:08:07 +08:00
|
|
|
session_key = models.CharField(_('session key'), max_length=40,
|
|
|
|
|
primary_key=True)
|
2006-05-02 09:31:56 +08:00
|
|
|
session_data = models.TextField(_('session data'))
|
|
|
|
|
expire_date = models.DateTimeField(_('expire date'))
|
|
|
|
|
objects = SessionManager()
|
2007-09-16 05:29:14 +08:00
|
|
|
|
2006-05-02 09:31:56 +08:00
|
|
|
class Meta:
|
|
|
|
|
db_table = 'django_session'
|
|
|
|
|
verbose_name = _('session')
|
|
|
|
|
verbose_name_plural = _('sessions')
|
|
|
|
|
|
|
|
|
|
def get_decoded(self):
|
|
|
|
|
encoded_data = base64.decodestring(self.session_data)
|
|
|
|
|
pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
|
2008-08-02 13:56:57 +08:00
|
|
|
if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
|
2006-05-02 09:31:56 +08:00
|
|
|
from django.core.exceptions import SuspiciousOperation
|
2010-01-11 02:36:20 +08:00
|
|
|
raise SuspiciousOperation("User tampered with session cookie.")
|
2006-05-02 09:31:56 +08:00
|
|
|
try:
|
|
|
|
|
return pickle.loads(pickled)
|
|
|
|
|
# Unpickling can cause a variety of exceptions. If something happens,
|
|
|
|
|
# just return an empty dictionary (an empty session).
|
|
|
|
|
except:
|
|
|
|
|
return {}
|
