From c0caac87f990b585bb7a9f20fe7be91f2a2366ce Mon Sep 17 00:00:00 2001
From: Luke Plant
Date: Wed, 30 Mar 2011 17:35:22 +0000
Subject: [PATCH] Removed Django 1.2 compatibility fallback for session data integrity check hash.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15954 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/sessions/backends/base.py | 21 +++------------------
 django/contrib/sessions/tests.py | 15 ---------------
 2 files changed, 3 insertions(+), 33 deletions(-)

diff --git a/django/contrib/sessions/backends/base.py b/django/contrib/sessions/backends/base.py
index 7dfc39e6cb..1c7c188ed5 100644
--- a/django/contrib/sessions/backends/base.py
+++ b/django/contrib/sessions/backends/base.py
@@ -105,24 +105,9 @@ class SessionBase(object):
 else:
 return pickle.loads(pickled)
 except Exception:
- # ValueError, SuspiciousOperation, unpickling exceptions
- # Fall back to Django 1.2 method
- # PendingDeprecationWarning <- here to remind us to
- # remove this fallback in Django 1.5
- try:
- return self._decode_old(session_data)
- except Exception:
- # Unpickling can cause a variety of exceptions. If something happens,
- # just return an empty dictionary (an empty session).
- return {}
-
- def _decode_old(self, session_data):
- encoded_data = base64.decodestring(session_data)
- pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
- if not constant_time_compare(hashlib.md5(pickled + settings.SECRET_KEY).hexdigest(),
- tamper_check):
- raise SuspiciousOperation("User tampered with session cookie.")
- return pickle.loads(pickled)
+ # ValueError, SuspiciousOperation, unpickling exceptions. If any of
+ # these happen, just return an empty dictionary (an empty session).
+ return {}
 def update(self, dict_):
 self._session.update(dict_)
diff --git a/django/contrib/sessions/tests.py b/django/contrib/sessions/tests.py
index 9cce3549ac..2eb43f3e36 100644
--- a/django/contrib/sessions/tests.py
+++ b/django/contrib/sessions/tests.py
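Review bot: In base.py the `except Exception:` that this hunk keeps maps a failed integrity check (`SuspiciousOperation`) and an ordinary unpickling error to the same silent `return {}`, so a session whose hash did not verify leaves no record for whoever operates the site. I would give the tamper case its own clause, `except SuspiciousOperation:`, placed before the catch-all and recording the event before it returns the empty session; if the behaviour stays as it is, the new comment should at least say so, e.g. `# A failed hash check also lands here and is discarded without a log entry.` With the MD5 fallback gone, whatever check precedes `pickle.loads(pickled)` is the only gate in front of the unpickler; the function starts above the hunk, so that check should be confirmed there rather than assumed from these lines.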
@@ -1,7 +1,4 @@
-import base64
 from datetime import datetime, timedelta
-import hashlib
-import pickle
 import shutil
 import tempfile
@@ -252,18 +249,6 @@ class SessionTestsMixin(object):
 encoded = self.session.encode(data)
 self.assertEqual(self.session.decode(encoded), data)
- def test_decode_django12(self):
- # Ensure we can decode values encoded using Django 1.2
- # Hard code the Django 1.2 method here:
- def encode(session_dict):
- pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL)
- pickled_md5 = hashlib.md5(pickled + settings.SECRET_KEY).hexdigest()
- return base64.encodestring(pickled + pickled_md5)
-
- data = {'a test key': 'a test value'}
- encoded = encode(data)
- self.assertEqual(self.session.decode(encoded), data)
-
 class DatabaseSessionTests(SessionTestsMixin, TestCase):