django1/django/contrib/sessions/backends/file.py

import os
import tempfile

from django.conf import settings
from django.contrib.sessions.backends.base import SessionBase, CreateError
from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured


class SessionStore(SessionBase):
    """
    Implements a file based session store.
    """
    def __init__(self, session_key=None):
        self.storage_path = getattr(settings, "SESSION_FILE_PATH", None)
        if not self.storage_path:
            self.storage_path = tempfile.gettempdir()

        # Make sure the storage path is valid.
        if not os.path.isdir(self.storage_path):
            raise ImproperlyConfigured(
                "The session storage path %r doesn't exist. Please set your"
                " SESSION_FILE_PATH setting to an existing directory in which"
                " Django can store session data." % self.storage_path)

        self.file_prefix = settings.SESSION_COOKIE_NAME
        super(SessionStore, self).__init__(session_key)

    def _key_to_file(self, session_key=None):
        """
        Get the file associated with this session key.
        """
        if session_key is None:
            session_key = self.session_key

        # Make sure we're not vulnerable to directory traversal. Session keys
        # should always be md5s, so they should never contain directory
        # components.
        if os.path.sep in session_key:
            raise SuspiciousOperation(
                "Invalid characters (directory components) in session key")

        return os.path.join(self.storage_path, self.file_prefix + session_key)

    def load(self):
        session_data = {}
        try:
            session_file = open(self._key_to_file(), "rb")
            try:
                try:
                    session_data = self.decode(session_file.read())
                except (EOFError, SuspiciousOperation):
                    self.create()
            finally:
                session_file.close()
        except IOError:
            pass
        return session_data

    def create(self):
        while True:
            self._session_key = self._get_new_session_key()
            try:
                self.save(must_create=True)
            except CreateError:
                continue
            self.modified = True
            self._session_cache = {}
            return

    def save(self, must_create=False):
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, 'O_BINARY', 0)
        if must_create:
            flags |= os.O_EXCL
        # Because this may trigger a load from storage, we must do it before
        # truncating the file to save.
        session_data = self._session
        try:
            fd = os.open(self._key_to_file(self.session_key), flags)
            try:
                os.write(fd, self.encode(session_data))
            finally:
                os.close(fd)
        except OSError, e:
            if must_create and e.errno == errno.EEXIST:
                raise CreateError
            raise
        except (IOError, EOFError):
            pass

    def exists(self, session_key):
        if os.path.exists(self._key_to_file(session_key)):
            return True
        return False

    def delete(self, session_key=None):
        if session_key is None:
            session_key = self._session_key
        try:
            os.unlink(self._key_to_file(session_key))
        except OSError:
            pass

    def clean(self):
        pass
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`import os`
Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-12-05 04:24:22 +08:00			`import tempfile`
Several Django styling fixes in the `contrib.sessions` app. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-06-23 13:08:07 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`from django.conf import settings`
Added guaranteed atomic creation of new session objects. Slightly backwards incompatible for custom session backends. Whilst we were in the neighbourhood, use a larger range of session key values to save a small amount of time and use the hardware-base random numbers where available (transparently falls back to pseudo-RNG otherwise). Fixed #1080 git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:57:18 +08:00			`from django.contrib.sessions.backends.base import SessionBase, CreateError`
Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-12-05 04:24:22 +08:00			`from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00
Several Django styling fixes in the `contrib.sessions` app. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-06-23 13:08:07 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`class SessionStore(SessionBase):`
			`"""`
			`Implements a file based session store.`
			`"""`
			`def __init__(self, session_key=None):`
Fixed #5507 -- Use a more portable way to get at the system's tmpdir (fixes a problem with the default on Windows). Thanks, Philippe Raoult. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7329 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-03-20 14:43:58 +08:00			`self.storage_path = getattr(settings, "SESSION_FILE_PATH", None)`
			`if not self.storage_path:`
			`self.storage_path = tempfile.gettempdir()`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-12-05 04:24:22 +08:00			`# Make sure the storage path is valid.`
			`if not os.path.isdir(self.storage_path):`
Several Django styling fixes in the `contrib.sessions` app. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-06-23 13:08:07 +08:00			`raise ImproperlyConfigured(`
			`"The session storage path %r doesn't exist. Please set your"`
			`" SESSION_FILE_PATH setting to an existing directory in which"`
			`" Django can store session data." % self.storage_path)`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
			`self.file_prefix = settings.SESSION_COOKIE_NAME`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`super(SessionStore, self).__init__(session_key)`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`def _key_to_file(self, session_key=None):`
			`"""`
			`Get the file associated with this session key.`
			`"""`
			`if session_key is None:`
			`session_key = self.session_key`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`# Make sure we're not vulnerable to directory traversal. Session keys`
Several Django styling fixes in the `contrib.sessions` app. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-06-23 13:08:07 +08:00			`# should always be md5s, so they should never contain directory`
			`# components.`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`if os.path.sep in session_key:`
Several Django styling fixes in the `contrib.sessions` app. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-06-23 13:08:07 +08:00			`raise SuspiciousOperation(`
			`"Invalid characters (directory components) in session key")`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`return os.path.join(self.storage_path, self.file_prefix + session_key)`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`def load(self):`
			`session_data = {}`
			`try:`
			`session_file = open(self._key_to_file(), "rb")`
			`try:`
Fixed #5501 -- Fixed Python 2.3 and 2.4 incompatibility. Thanks, brosner. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6348 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 10:03:46 +08:00			`try:`
			`session_data = self.decode(session_file.read())`
Added guaranteed atomic creation of new session objects. Slightly backwards incompatible for custom session backends. Whilst we were in the neighbourhood, use a larger range of session key values to save a small amount of time and use the hardware-base random numbers where available (transparently falls back to pseudo-RNG otherwise). Fixed #1080 git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:57:18 +08:00			`except (EOFError, SuspiciousOperation):`
			`self.create()`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`finally:`
			`session_file.close()`
Added guaranteed atomic creation of new session objects. Slightly backwards incompatible for custom session backends. Whilst we were in the neighbourhood, use a larger range of session key values to save a small amount of time and use the hardware-base random numbers where available (transparently falls back to pseudo-RNG otherwise). Fixed #1080 git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:57:18 +08:00			`except IOError:`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`pass`
			`return session_data`

Added guaranteed atomic creation of new session objects. Slightly backwards incompatible for custom session backends. Whilst we were in the neighbourhood, use a larger range of session key values to save a small amount of time and use the hardware-base random numbers where available (transparently falls back to pseudo-RNG otherwise). Fixed #1080 git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:57:18 +08:00			`def create(self):`
			`while True:`
			`self._session_key = self._get_new_session_key()`
			`try:`
			`self.save(must_create=True)`
			`except CreateError:`
			`continue`
			`self.modified = True`
			`self._session_cache = {}`
			`return`

			`def save(self, must_create=False):`
			`flags = os.O_WRONLY \| os.O_CREAT \| os.O_TRUNC \| getattr(os, 'O_BINARY', 0)`
			`if must_create:`
			`flags \|= os.O_EXCL`
Fixed #6984 -- Make sure to load session data from the file (if necessary) prior to truncating it during a save. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8344 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:58:09 +08:00			`# Because this may trigger a load from storage, we must do it before`
			`# truncating the file to save.`
			`session_data = self._session`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`try:`
Added guaranteed atomic creation of new session objects. Slightly backwards incompatible for custom session backends. Whilst we were in the neighbourhood, use a larger range of session key values to save a small amount of time and use the hardware-base random numbers where available (transparently falls back to pseudo-RNG otherwise). Fixed #1080 git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:57:18 +08:00			`fd = os.open(self._key_to_file(self.session_key), flags)`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`try:`
Fixed #6984 -- Make sure to load session data from the file (if necessary) prior to truncating it during a save. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8344 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:58:09 +08:00			`os.write(fd, self.encode(session_data))`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`finally:`
Added guaranteed atomic creation of new session objects. Slightly backwards incompatible for custom session backends. Whilst we were in the neighbourhood, use a larger range of session key values to save a small amount of time and use the hardware-base random numbers where available (transparently falls back to pseudo-RNG otherwise). Fixed #1080 git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:57:18 +08:00			`os.close(fd)`
			`except OSError, e:`
			`if must_create and e.errno == errno.EEXIST:`
			`raise CreateError`
			`raise`
			`except (IOError, EOFError):`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`pass`

			`def exists(self, session_key):`
			`if os.path.exists(self._key_to_file(session_key)):`
			`return True`
			`return False`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Implemented a flush() method on sessions that cleans out the session and regenerates the key. Used to ensure the caller gets a fresh session at logout, for example. Based on a patch from mrts. Refs #7515. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8342 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-08-14 11:57:46 +08:00			`def delete(self, session_key=None):`
			`if session_key is None:`
			`session_key = self._session_key`
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`try:`
			`os.unlink(self._key_to_file(session_key))`
			`except OSError:`
			`pass`
Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-01-06 20:53:09 +08:00
Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 05:29:14 +08:00			`def clean(self):`
Fixed #5501 -- Fixed Python 2.3 and 2.4 incompatibility. Thanks, brosner. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6348 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2007-09-16 10:03:46 +08:00			`pass`