Added request.session.delete_test_cookie()

git-svn-id: http://code.djangoproject.com/svn/django/trunk@669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-09-23 01:28:44 +00:00 · 2005-09-23 01:28:44 +00:00 · 39a907a051
parent 3dc1ede871
commit 39a907a051
4 changed files with 13 additions and 1 deletions
--- a/django/middleware/admin.py
+++ b/django/middleware/admin.py
@ -81,6 +81,7 @@ class AdminUserRequired:
                        request.user = user
                        return
                    else:
+                        request.session.delete_test_cookie()
                        return httpwrappers.HttpResponseRedirect(request.path)
            else:
                return self.display_login_form(request, ERROR_MESSAGE)
--- a/django/middleware/sessions.py
+++ b/django/middleware/sessions.py
@ -30,6 +30,9 @@ class SessionWrapper(object):
    def test_cookie_worked(self):
        return self.get(TEST_COOKIE_NAME) == TEST_COOKIE_VALUE

+    def delete_test_cookie(self):
+        del self[TEST_COOKIE_NAME]
+
    def _get_session(self):
        # Lazily loads session from storage.
        try:
--- a/django/views/auth/login.py
+++ b/django/views/auth/login.py
@ -18,6 +18,7 @@ def login(request):
            if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
                redirect_to = '/accounts/profile/'
            request.session[users.SESSION_KEY] = manipulator.get_user_id()
+            request.session.delete_test_cookie()
            return HttpResponseRedirect(redirect_to)
    else:
        errors = {}
--- a/docs/sessions.txt
+++ b/docs/sessions.txt
@ -46,7 +46,7 @@ It implements the following standard dictionary methods:
    * ``get(key, default=None)``
      Example: ``fav_color = request.session.get('fav_color', 'red')``

-It also has these two methods:
+It also has these three methods:

    * ``set_test_cookie()``
      Sets a test cookie to determine whether the user's browser supports
@ -60,6 +60,9 @@ It also has these two methods:
      have to call ``set_test_cookie()`` on a previous, separate page request.
      See "Setting test cookies" below for more information.

+    * ``delete_test_cookie()``
+      Deletes the test cookie. Use this to clean up after yourself.
+
 You can edit ``request.session`` at any point in your view. You can edit it
 multiple times.

@ -120,11 +123,15 @@ This awkward split between ``set_test_cookie()`` and ``test_cookie_worked()``
 is necessary due to the way cookies work. When you set a cookie, you can't
 actually tell whether a browser accepted it until the browser's next request.

+It's good practice to use ``delete_test_cookie()`` to clean up after yourself.
+Do this after you've verified that the test cookie worked.
+
 Here's a typical usage example::

    def login(request):
        if request.POST:
            if request.session.test_cookie_worked():
+                request.session.delete_test_cookie()
                return HttpResponse("You're logged in.")
            else:
                return HttpResponse("Please enable cookies and try again.")