innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Implemented a flush() method on sessions that cleans out the session and 

regenerates the key. Used to ensure the caller gets a fresh session at logout,
for example.

Based on a patch from mrts. Refs #7515.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick 2008-08-14 03:57:46 +00:00
parent 31ec68c5d9
commit 5e8efa9a60
6 changed files with 69 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
django/contrib/sessions/backends/base.py
View File

@ -223,6 +223,15 @@ class SessionBase(object):
return settings.SESSION_EXPIRE_AT_BROWSER_CLOSE return settings.SESSION_EXPIRE_AT_BROWSER_CLOSE
return self.get('_session_expiry') == 0 return self.get('_session_expiry') == 0
def flush(self):
"""
Removes the current session data from the database and regenerates the
key.
"""
self.clear()
self.delete()
self.create()
# Methods that child classes must implement. # Methods that child classes must implement.
def exists(self, session_key): def exists(self, session_key):
@ -247,9 +256,10 @@ class SessionBase(object):
""" """
raise NotImplementedError raise NotImplementedError
def delete(self, session_key): def delete(self, session_key=None):
""" """
Clears out the session data under this key. Deletes the session data under this key. If the key is None, the
current session key value is used.
""" """
raise NotImplementedError raise NotImplementedError

4
django/contrib/sessions/backends/cache.py
View File

@ -39,6 +39,8 @@ class SessionStore(SessionBase):
return True return True
return False return False
def delete(self, session_key): def delete(self, session_key=None):
if session_key is None:
session_key = self._session_key
self._cache.delete(session_key) self._cache.delete(session_key)

4
django/contrib/sessions/backends/db.py
View File

@ -61,7 +61,9 @@ class SessionStore(SessionBase):
raise CreateError raise CreateError
raise raise
def delete(self, session_key): def delete(self, session_key=None):
if session_key is None:
session_key = self._session_key
try: try:
Session.objects.get(session_key=session_key).delete() Session.objects.get(session_key=session_key).delete()
except Session.DoesNotExist: except Session.DoesNotExist:

4
django/contrib/sessions/backends/file.py
View File

@ -89,7 +89,9 @@ class SessionStore(SessionBase):
return True return True
return False return False
def delete(self, session_key): def delete(self, session_key=None):
if session_key is None:
session_key = self._session_key
try: try:
os.unlink(self._key_to_file(session_key)) os.unlink(self._key_to_file(session_key))
except OSError: except OSError:

38
django/contrib/sessions/tests.py
View File

@ -23,6 +23,19 @@ True
>>> db_session.exists(db_session.session_key) >>> db_session.exists(db_session.session_key)
False False
>>> db_session['foo'] = 'bar'
>>> db_session.save()
>>> db_session.exists(db_session.session_key)
True
>>> prev_key = db_session.session_key
>>> db_session.flush()
>>> db_session.exists(prev_key)
False
>>> db_session.session_key == prev_key
False
>>> db_session.modified, db_session.accessed
(True, True)
>>> file_session = FileSession() >>> file_session = FileSession()
>>> file_session.modified >>> file_session.modified
False False
@ -40,6 +53,19 @@ True
>>> file_session.exists(file_session.session_key) >>> file_session.exists(file_session.session_key)
False False
>>> file_session['foo'] = 'bar'
>>> file_session.save()
>>> file_session.exists(file_session.session_key)
True
>>> prev_key = file_session.session_key
>>> file_session.flush()
>>> file_session.exists(prev_key)
False
>>> file_session.session_key == prev_key
False
>>> file_session.modified, file_session.accessed
(True, True)
# Make sure the file backend checks for a good storage dir # Make sure the file backend checks for a good storage dir
>>> settings.SESSION_FILE_PATH = "/if/this/directory/exists/you/have/a/weird/computer" >>> settings.SESSION_FILE_PATH = "/if/this/directory/exists/you/have/a/weird/computer"
>>> FileSession() >>> FileSession()
@ -61,6 +87,18 @@ True
>>> cache_session.delete(cache_session.session_key) >>> cache_session.delete(cache_session.session_key)
>>> cache_session.exists(cache_session.session_key) >>> cache_session.exists(cache_session.session_key)
False False
>>> cache_session['foo'] = 'bar'
>>> cache_session.save()
>>> cache_session.exists(cache_session.session_key)
True
>>> prev_key = cache_session.session_key
>>> cache_session.flush()
>>> cache_session.exists(prev_key)
False
>>> cache_session.session_key == prev_key
False
>>> cache_session.modified, cache_session.accessed
(True, True)
>>> s = SessionBase() >>> s = SessionBase()
>>> s._session['some key'] = 'exists' # Pre-populate the session with some data >>> s._session['some key'] = 'exists' # Pre-populate the session with some data

10
docs/sessions.txt
View File

@ -110,6 +110,16 @@ A session object has the following standard dictionary methods:
It also has these methods: It also has these methods:
* ``flush()``
**New in Django development version**
Delete the current session data from the database and regenerate the
session key value that is sent back to the user in the cookie. This is
used if you want to ensure that the previous session data can't be
accessed again from the user's browser (for example, the standard
``logout()`` method calls it).
* ``set_test_cookie()`` * ``set_test_cookie()``
Sets a test cookie to determine whether the user's browser supports Sets a test cookie to determine whether the user's browser supports