2014-06-16 22:18:42 +08:00
|
|
|
from __future__ import unicode_literals
|
|
|
|
|
2014-05-17 00:18:34 +08:00
|
|
|
from django.contrib.sessions.base_session import (
|
|
|
|
AbstractBaseSession, BaseSessionManager,
|
|
|
|
)
|
2008-06-23 13:08:07 +08:00
|
|
|
|
2010-11-15 07:35:16 +08:00
|
|
|
|
2014-05-17 00:18:34 +08:00
|
|
|
class SessionManager(BaseSessionManager):
|
2014-12-13 06:19:58 +08:00
|
|
|
use_in_migrations = True
|
|
|
|
|
2006-05-02 09:31:56 +08:00
|
|
|
|
2014-05-17 00:18:34 +08:00
|
|
|
class Session(AbstractBaseSession):
|
2006-07-20 11:32:24 +08:00
|
|
|
"""
|
|
|
|
Django provides full support for anonymous sessions. The session
|
|
|
|
framework lets you store and retrieve arbitrary data on a
|
|
|
|
per-site-visitor basis. It stores data on the server side and
|
|
|
|
abstracts the sending and receiving of cookies. Cookies contain a
|
|
|
|
session ID -- not the data itself.
|
2006-06-20 12:07:32 +08:00
|
|
|
|
2006-07-20 11:32:24 +08:00
|
|
|
The Django sessions framework is entirely cookie-based. It does
|
|
|
|
not fall back to putting session IDs in URLs. This is an intentional
|
|
|
|
design decision. Not only does that behavior make URLs ugly, it makes
|
|
|
|
your site vulnerable to session-ID theft via the "Referer" header.
|
2006-06-20 12:07:32 +08:00
|
|
|
|
2006-07-20 11:32:24 +08:00
|
|
|
For complete documentation on using Sessions in your code, consult
|
|
|
|
the sessions documentation that is shipped with Django (also available
|
2010-10-09 16:12:50 +08:00
|
|
|
on the Django Web site).
|
2006-06-20 12:07:32 +08:00
|
|
|
"""
|
2006-05-02 09:31:56 +08:00
|
|
|
objects = SessionManager()
|
2007-09-16 05:29:14 +08:00
|
|
|
|
2014-05-17 00:18:34 +08:00
|
|
|
@classmethod
|
|
|
|
def get_session_store_class(cls):
|
|
|
|
from django.contrib.sessions.backends.db import SessionStore
|
|
|
|
return SessionStore
|
2014-07-25 04:24:01 +08:00
|
|
|
|
2014-05-17 00:18:34 +08:00
|
|
|
class Meta(AbstractBaseSession.Meta):
|
|
|
|
db_table = 'django_session'
|