Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions.

Tim Graham 2015-03-11 13:46:39 -04:00
parent 28e8c54d7d
commit 8a481498aa
2 changed files with 15 additions and 1 deletions


@ -17,7 +17,9 @@ class SessionStore(SessionBase):
# This doesn't handle non-default expiry dates, see #19201 # This doesn't handle non-default expiry dates, see #19201
max_age=settings.SESSION_COOKIE_AGE, max_age=settings.SESSION_COOKIE_AGE,
salt='django.contrib.sessions.backends.signed_cookies') salt='django.contrib.sessions.backends.signed_cookies')
except (signing.BadSignature, ValueError): except Exception:
# BadSignature, ValueError, or unpickling exceptions. If any of
# these happen, reset the session.
self.create() self.create()
return {} return {}
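Review bot: The new `except Exception:` resets the session through `self.create()` without recording anything, so a serializer mismatch, a cookie that fails verification and a genuine bug in the load path all become indistinguishable silent logouts. The handler now exists to absorb unpickling failures on cookie data, so a log line is the only place an operator would notice a burst of them. I would add something like `logger.warning('Session data could not be loaded; resetting session.', exc_info=True)` before `self.create()`, logging the exception but never the cookie value. This assumes a module-level logger, which the hunk does not show. The `try:` and the start of the `signing.loads(...)` call sit above the hunk, so the full extent of what the broad handler covers is not visible here.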


@ -17,6 +17,9 @@ from django.contrib.sessions.backends.signed_cookies import \
from django.contrib.sessions.exceptions import InvalidSessionKey from django.contrib.sessions.exceptions import InvalidSessionKey
from django.contrib.sessions.middleware import SessionMiddleware from django.contrib.sessions.middleware import SessionMiddleware
from django.contrib.sessions.models import Session from django.contrib.sessions.models import Session
from django.contrib.sessions.serializers import (
JSONSerializer, PickleSerializer,
)
from django.core import management from django.core import management
from django.core.cache import caches from django.core.cache import caches
from django.core.cache.backends.base import InvalidCacheBackendError from django.core.cache.backends.base import InvalidCacheBackendError
@ -632,3 +635,12 @@ class CookieSessionTests(SessionTestsMixin, unittest.TestCase):
def test_actual_expiry(self): def test_actual_expiry(self):
# The cookie backend doesn't handle non-default expiry dates, see #19201 # The cookie backend doesn't handle non-default expiry dates, see #19201
super(CookieSessionTests, self).test_actual_expiry() super(CookieSessionTests, self).test_actual_expiry()
def test_unpickling_exception(self):
# signed_cookies backend should handle unpickle exceptions gracefully
# by creating a new session
self.assertEqual(self.session.serializer, JSONSerializer)
self.session.save()
self.session.serializer = PickleSerializer
self.session.load()
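Review bot: `test_unpickling_exception` ends on a bare `self.session.load()`, so it only proves that no exception escapes and would still pass if the handler returned stale or partial data. The backend hunk in this commit shows the failure path ending in `return {}`, so the last line can pin that down: `self.assertEqual(self.session.load(), {})`. If the intent is also that a fresh session is created, comparing `self.session.session_key` before and after the load would cover it, though what `create()` does to the key is not visible on this page.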