Commit Graph

269 Commits

Author SHA1 Message Date
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Alasdair Nicol bab9123daa Fixed #21268 -- Fixed E303 pep8 warnings 2013-10-18 01:46:24 +01:00
Aymeric Augustin 728548e483 Fixed #21134 -- Prevented queries in broken transactions.
Squashed commit of the following:

commit 63ddb271a44df389b2c302e421fc17b7f0529755
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Sep 29 22:51:00 2013 +0200

    Clarified interactions between atomic and exceptions.

commit 2899ec299228217c876ba3aa4024e523a41c8504
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Sep 22 22:45:32 2013 +0200

    Fixed TransactionManagementError in tests.

    Previous commit introduced an additional check to prevent running
    queries in transactions that will be rolled back, which triggered a few
    failures in the tests. In practice using transaction.atomic instead of
    the low-level savepoint APIs was enough to fix the problems.

commit 4a639b059ea80aeb78f7f160a7d4b9f609b9c238
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Tue Sep 24 22:24:17 2013 +0200

    Allowed nesting constraint_checks_disabled inside atomic.

    Since MySQL handles transactions loosely, this isn't a problem.

commit 2a4ab1cb6e83391ff7e25d08479e230ca564bfef
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sat Sep 21 18:43:12 2013 +0200

    Prevented running queries in transactions that will be rolled back.

    This avoids a counter-intuitive behavior in an edge case on databases
    with non-atomic transaction semantics.

    It prevents using savepoint_rollback() inside an atomic block without
    calling set_rollback(False) first, which is backwards-incompatible in
    tests.

    Refs #21134.

commit 8e3db393853c7ac64a445b66e57f3620a3fde7b0
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date:   Sun Sep 22 22:14:17 2013 +0200

    Replaced manual savepoints by atomic blocks.

    This ensures the rollback flag is handled consistently in internal APIs.
2013-09-30 09:42:27 +02:00
Gregor MacGregor b2b763448f Fixed #20841 -- Added messages to NotImplementedErrors
Thanks joseph at vertstudios.com for the suggestion.
2013-09-10 11:09:59 -04:00
Alex Gaynor 2530735d2d Fixed a number of flake8 errors -- particularly around unused imports and local variables 2013-09-06 21:56:40 -07:00
CHI Cheng ed9cd4fd8b Fixed #21000 -- Made cached_db session backend respect SESSION_CACHE_ALIAS 2013-09-05 10:47:58 -04:00
Tim Graham b0ce6fe656 Fixed #20922 -- Allowed customizing the serializer used by contrib.sessions
Added settings.SESSION_SERIALIZER which is the import path of a serializer
to use for sessions.

Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.
2013-08-22 13:58:26 -04:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Aymeric Augustin cfcf4b3605 Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
Matt Robenolt 5ff2ffa330 Define the SessionStore inside __init__ instead of process_request
It's unnecessary to run this on every request, since technically, settings *should be* immutable.
2013-06-30 09:43:02 +02:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Erik Romijn f88700d610 Fix #19664 -- Illegal Characters In Session Key Give Fatal Error On File Backend Only 2013-05-19 15:33:05 +02:00
Claude Paroz 9f7a01ef2b Updated translation templates and removed en translations
"en" translations have been mistakenly committed in 87cc3da81.
2013-05-02 16:25:23 +02:00
Claude Paroz 244e765a94 Updated translation templates 2013-03-28 10:06:11 +01:00
Aymeric Augustin ba5138b1c0 Deprecated transaction.commit/rollback_unless_managed.
Since "unless managed" now means "if database-level autocommit",
committing or rolling back doesn't have any effect.

Restored transactional integrity in a few places that relied on
automatically-started transactions with a transitory API.
2013-03-11 14:48:54 +01:00
Claude Paroz 87cc3da814 Merged contrib translations from 1.5 branch 2013-02-26 21:51:06 +01:00
Joeri Bekker b9cc61021a Fixed #9084 - Best approach for an OS to atomically rename the session file. 2013-02-24 14:21:40 +01:00
Mathijs de Bruin 8c1cc4b3b0 Fixed regression introduced in 146ed13a.
As override_settings was used after the initialization of the session backend,
we need to use a new session backend here.
2013-02-23 16:53:31 +01:00
Aymeric Augustin d913a8b412 Fixed #19356 -- Increased session key entropy. 2012-11-29 16:36:43 +01:00
Aymeric Augustin 11fd00c46e Fixed #19254 -- Bug in SESSION_FILE_PATH handling.
Thanks simonb for the report.

Refs #18194.
2012-11-06 10:19:14 +01:00
Aymeric Augustin 146ed13a11 Fixed #17083 -- Allowed sessions to use non-default cache. 2012-10-31 09:46:16 +01:00
Aymeric Augustin 58337b3223 Marked cookies-based session expiry test as an expected failure.
Refs #19201.
2012-10-28 18:03:23 +01:00
Aymeric Augustin 98032f67c7 Fixed #14093 -- Improved error message in the cache session backend.
Thanks stumbles for the patch.
2012-10-28 12:40:10 +01:00
Aymeric Augustin 5fec97b9df Fixed #18194 -- Expiration of file-based sessions
* Prevented stale session files from being loaded
* Added removal of stale session files in django-admin.py clearsessions

Thanks ej for the report, crodjer and Elvard for their inputs.
2012-10-28 09:19:38 +01:00
Aymeric Augustin 882c47cd40 Improved tests introduced in 04b00b6.
These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.

Refs #19200, #18194.
2012-10-27 23:15:45 +02:00
Aymeric Augustin cd17a24083 Added optional kwargs to get_expiry_age/date.
This change allows for cleaner tests: we can test the exact output.

Refs #18194: this change makes it possible to compute session expiry
dates at times other than when the session is saved.

Fixed #18458: the existence of the `modification` kwarg implies that you
must pass it to get_expiry_age/date if you call these functions outside
of a short request - response cycle (the intended use case).
2012-10-27 23:15:45 +02:00
Aymeric Augustin 04b00b668d Fixed #19200 -- Session expiry with cached_db
Also did a little bit of cleanup.
2012-10-27 19:40:39 +02:00
Aymeric Augustin 83ba0a9d4b Fixed #18978 -- Moved cleanup command to sessions.
This removes a dependency of 'core' on 'contrib'.
2012-10-27 18:31:00 +02:00
Claude Paroz 58365401c9 Updated base translation files 2012-10-15 11:17:06 +02:00
Claude Paroz 486e67598f Fixed #10853 -- Skipped some sessions tests with dummy cache backend 2012-09-21 13:17:25 +02:00
Malcolm Tredinnick 5e99a3d41b Adjust d7853c5 to not show ignorable warnings when running tests. 2012-09-08 20:28:31 -04:00
Carl Meyer 67dceeef44 Remove a couple unused imports. 2012-09-08 14:30:11 -06:00
Claude Paroz d7853c55ed Removed warning check in test_load_overlong_key
Some backends issue a warning here, others not. This is not the primary
goal of the test, so the assertion about the warning has been removed.
Thanks Carl Meyer for noticing the issue and suggesting the fix.
2012-09-08 21:31:46 +02:00
Claude Paroz ebc773ada3 Replaced many smart_bytes by force_bytes
In all those occurrences, we didn't care about preserving the
lazy status of the strings, but we really wanted to obtain a
real bytestring.
2012-08-29 11:20:32 +02:00
Florian Apolloner 518af78e21 Removed unneeded smart_bytes import which was introduced in f2fff84bc. 2012-08-15 17:33:21 +02:00
Florian Apolloner f2fff84bc3 [py3] fixed session file backend. 2012-08-15 14:20:44 +02:00
Claude Paroz e0d67f3440 [py3] Fixed test_client_regress tests 2012-08-15 10:58:26 +02:00
Aymeric Augustin 212a512984 [py3] Avoided the deprecated base64 interface.
This fixes a deprecation warning under Python 3.
2012-08-14 23:45:12 +02:00
Claude Paroz 8a1f439d3a [py3] Fix encoding issues in contrib.sessions 2012-08-12 22:49:10 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Aymeric Augustin ee191715ea [py3] Fixed access to dict keys/values/items. 2012-08-07 12:00:22 +02:00
Aymeric Augustin a84d79f572 [py3] Added Python 3 compatibility for xrange. 2012-07-22 09:29:56 +02:00
Aymeric Augustin ca07fda2ef [py3] Switched to Python 3-compatible imports.
xrange/range will be dealt with in a separate commit due to the huge
number of changes.
2012-07-22 09:29:56 +02:00
Anssi Kääriäinen aeda55e6bf Fixed #3881 -- skip saving session when response status is 500
Saving session data is somewhat likely to lead into error when the
status code is 500. It is guaranteed to lead into error if the reason
for the 500 code is query error on PostgreSQL.
2012-07-16 20:57:55 +03:00
Claude Paroz 865cd35c9b Made more extensive usage of context managers with open. 2012-05-05 14:06:36 +02:00
Claude Paroz 11a5355517 Inserted more simplefilter calls to be sure warnings are emitted.
Thanks to Florian Apolloner for suggesting the patch.
2012-05-03 21:31:23 +02:00
Claude Paroz 00c0d3c44e Made warning assertions work with or without -Wall python switch 2012-05-03 20:18:05 +02:00
Claude Paroz 10cf3c6427 Used catch_warnings instead of save/restore methods. Refs #17049. 2012-05-03 18:30:07 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Claude Paroz 23d3459761 Fixed #17965 -- Definitely dropped support for Python 2.5. Thanks jonash for the initial patch and Aymeric Augustin for the review.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17834 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-31 08:24:29 +00:00
Aymeric Augustin eb163f37cb Use the class decorator syntax available in Python >= 2.6. Refs #17965.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17829 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-30 09:08:29 +00:00
Claude Paroz 9383a2761c Removed with_statement imports, useless in Python >= 2.6. Refs #17965. Thanks jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17828 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-30 08:02:08 +00:00
Aymeric Augustin f356a2e52f Fixed #17810 (again). Catch session key errors.
The previous commit didn't work with PyLibMC.
This solution appears to be the best compromise
at this point in the 1.4 release cycle.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17797 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-23 16:14:46 +00:00
Jannis Leidel 46871eb1bb Fixed an incompatibility with Python 2.5 in the changes done in r17795. Refs #17810.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17796 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-23 09:32:11 +00:00
Paul McMillan 2ca9801956 Fixed #17810. Catch session key errors.
Catches memcached session key errors related to overly long session keys.
This is a long-standing bug, but severity was exacerbated by the addition
of cookie-backed session storage, which generates long session values. If
an installation switched from cookie-backed session store to memcached,
users would not be able to log in because of the server error from overly
long memcached keys.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-23 05:31:11 +00:00
Jannis Leidel 5b3721b067 Pulled sessions translations updates from Transifex. Refs #17822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17793 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-23 03:24:45 +00:00
Jannis Leidel 9d1d1f06db Added Tatar translation. Refs #17822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17732 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 09:15:31 +00:00
Jannis Leidel e540f27475 Added Swahili translation. Refs #17822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17731 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 09:14:48 +00:00
Jannis Leidel 830900c24a Added Nepali translation. Refs #17822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17730 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 09:14:07 +00:00
Jannis Leidel 661139a29e Added Kazakh translation. Refs #17822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17729 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 09:13:24 +00:00
Jannis Leidel e47b92dad7 Added Esperanto to the list of languages. Refs #17822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17728 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 09:12:43 +00:00
Jannis Leidel 0c1a8a99df Pulled the sessions translations updates from Transifex. Refs #17822.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17726 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-14 09:10:38 +00:00
Paul McMillan 239e41f7c5 Cleanup to use get_random_string consistently.
Removes several ad hoc implementations of get_random_string()
and removes an innapropriate use of settings.SECRET_KEY.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@17580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-23 21:39:12 +00:00
Julien Phalip 804bd40383 Fixed #17506 -- Did a minor optimization in the sessions' database backend. Thanks to FunkyBob for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17390 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-24 07:42:38 +00:00
Jannis Leidel 4c376852fe Updated English base translation files in preparation of the alpha release so Transifex can pick them up.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-22 23:02:28 +00:00
Adrian Holovaty 20c8aa2a20 Fixed various dodgy behaviours
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17226 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-17 17:37:24 +00:00
Aymeric Augustin c11f9c3193 Optimized the cached_db session backend to check if a key exists in the cache first.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17156 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-27 18:36:03 +00:00
Aymeric Augustin bda21e2b9d Fixed #11555 -- Made SessionBase.session_key read-only. Cleaned up code slightly. Refs #13478.
This also removes the implicit initialization of the session key on the first access in favor of explicit initialization.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17155 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-27 17:52:24 +00:00
Paul McMillan 02a1b9a93e Improved the test for #16847.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17141 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-22 01:10:00 +00:00
Paul McMillan 16e3636a1a Fixed Python 2.5 test failure introduced in r17135.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17137 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-21 22:50:35 +00:00
Paul McMillan 4d975b4f88 Fixed #16847. Session Cookies now default to httponly = True.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17135 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-21 22:03:03 +00:00
Aymeric Augustin 4ac594f8a5 Upgraded django.contrib.sessions to be compatible with time zone support.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-20 10:33:44 +00:00
Jannis Leidel c20d33201c Fixed #17223 -- Correctly reference the signed cookies session backend. Thanks, Bryan Veloso.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17101 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-17 21:16:42 +00:00
Paul McMillan 1ac2bb9b8e Fixed #16987 -- Improved error message for session tests. Thanks jMyles and DiskSpace for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16926 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-05 05:21:47 +00:00
Russell Keith-Magee 33076af6f2 Corrected an issue which could allow attackers to manipulate session data using the cache. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16759 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-10 00:46:48 +00:00
Jannis Leidel fb590bfa9b Replaced `has_key()` calls with `in` to ease Python 3 port. Thanks, Martin von Löwis.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16740 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-09 19:33:40 +00:00
Jannis Leidel 24f4764a48 Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for the work on the patch and Alex for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-13 09:35:51 +00:00
Alex Gaynor 20dc647ba8 Fixed a typo, and added an ``__future__`` import to the new signed cookie tets.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16467 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26 19:22:53 +00:00
Jannis Leidel c817f2f544 Fixed #16199 -- Added a Cookie based session backend. Many thanks to Eric Florenzano for his initial work and Florian Apollaner for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16466 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26 17:00:24 +00:00
Russell Keith-Magee d60ae0b721 Removed deprecated 'no' translation
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15988 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-02 08:43:43 +00:00
Luke Plant c0caac87f9 Removed Django 1.2 compatibility fallback for session data integrity check hash.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15954 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:35:22 +00:00
Adrian Holovaty a87be3554f Removed a bunch of Python 2.4 workarounds now that we don't support it. Refs #15702 -- thanks to jonash for the patch. Splitting this over muliple commits to make it more manageable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15926 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 01:40:43 +00:00
Jannis Leidel ada8e2a6fa Pulled translation updates from Transifex again.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15886 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-20 22:16:14 +00:00
Ramiro Morales 5347bbd514 Fixed plural forms formula for the Croatian (hr) localization by manually overriding the header of affected .po files and re-generating .mo files, this seems to be a quirck in Transifex export to PO functionality. Thanks bmihelac fot the report. Refs #15634.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15875 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-17 22:56:10 +00:00
Jannis Leidel d31cf12be1 Pulled sessions translation updates from Transifex.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15836 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-15 20:12:38 +00:00
Jannis Leidel 90564a156c Fixed Hungarian, Russian, Serbian and Ukranian plural forms introduced in r15680.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15752 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:07:11 +00:00
Jannis Leidel c11140d04b Fixed plural forms of Irish translation introduced in r15680.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15751 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:05:10 +00:00
Jannis Leidel 53b2a25396 Fixed plural forms of Welsh translation introduced in r15680.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15750 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:04:31 +00:00
Jannis Leidel bef353873e Fixed plural forms of Bosnian translation introduced in r15680.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15749 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-04 01:03:14 +00:00
Jannis Leidel 9838ba0db7 Updated sessions translations from transifex.net. Refs #15300.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15694 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 09:12:43 +00:00
Alex Gaynor 6ca7c9c495 Fixed a security issue in the file session backend. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15467 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 02:13:24 +00:00
Russell Keith-Magee 7536f63b32 Fixed #14768 -- Added an es_MX locale and initial translation. Thanks to Alonso Bautista Villalobos and the rest of the Mexican translation team.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15433 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-06 06:06:29 +00:00
Carl Meyer b8a8066ac4 Fixed duplicate-named contrib.sessions tests, and removed unused import (cleanup from doctest conversion).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15377 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-31 18:37:28 +00:00
Jannis Leidel ddb9df78a6 Added new translation files to sessions contrib app.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15270 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-21 19:19:44 +00:00
Russell Keith-Magee 993612c84d Fixed #15026 -- Added cleanup to the invalid key session tests; when using Memcached as a cache backend, the cache-backed session backends would fail on the second run due to leftover cache artefacts. Thanks to jsdalton for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15235 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-17 14:03:19 +00:00
Russell Keith-Magee 78be884ea7 Fixed #3304 -- Added support for HTTPOnly cookies. Thanks to arvin for the suggestion, and rodolfo for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:30:50 +00:00
Luke Plant f6363bc628 Fixed potential circular import problem.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14564 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-14 23:35:16 +00:00
Luke Plant 0324151bec Fixed #14685 - incompatible code in contrib.sessions.models
Thanks to PaulM for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14562 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-14 22:23:46 +00:00
Russell Keith-Magee ea85d4303d Fixed #14231 -- Added an index to the expire_date column on the Session model. Thanks to joeri for the report, via Frodo from Medid.
This won't affect any existing session tables; see the release notes for migration instructions.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14378 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-28 11:56:37 +00:00
Luke Plant 45c7f427ce Fixed #14445 - Use HMAC and constant-time comparison functions where needed.
All adhoc MAC applications have been updated to use HMAC, using SHA1 to
generate unique keys for each application based on the SECRET_KEY, which is
common practice for this situation. In all cases, backwards compatibility
with existing hashes has been maintained, aiming to phase this out as per
the normal deprecation process. In this way, under most normal
circumstances the old hashes will have expired (e.g. by session expiration
etc.) before they become invalid.

In the case of the messages framework and the cookie backend, which was
already using HMAC, there is the possibility of a backwards incompatibility
if the SECRET_KEY is shorter than the default 50 bytes, but the low
likelihood and low impact meant compatibility code was not worth it.

All known instances where tokens/hashes were compared using simple string
equality, which could potentially open timing based attacks, have also been
fixed using a constant-time comparison function.

There are no known practical attacks against the existing implementations,
so these security improvements will not be backported.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14218 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 20:54:30 +00:00
Russell Keith-Magee 121d2e3678 Fixed #12991 -- Added unittest2 support. Thanks to PaulM for the draft patch, and to Luke, Karen, Justin, Alex, Łukasz Rekucki, and Chuck Harmston for their help testing and reviewing the final patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14139 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 12:55:17 +00:00
Russell Keith-Magee a904e55859 Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Russell Keith-Magee 597e03cd74 Fixed #14096 -- Corrected Python 2.4 syntax issue. Thanks to PaulM for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13579 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-14 12:11:02 +00:00
Luke Plant 5eece23296 Converted sessions tests from doctest to unittest.
Also made the FileSession backend consistent with other backends in one
corner case uncovered by the conversion, namely that the backend should
create a new key if the one passed in is invalid.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13482 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-05 11:49:58 +00:00
Russell Keith-Magee 962defed0a Fixed #13200 -- Updated the DB session backend to make full use of routers, deprecating the need for the SESSION_DB_ALIAS setting. Thanks to rokclimb15 for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12844 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-25 10:29:06 +00:00
Adrian Holovaty 5ceed0a053 Changed a whole bunch of places to raise exception instances instead of old-style raising exception classes plus a comma. Good for the future Python 3 conversion
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 18:36:20 +00:00
Russell Keith-Magee ff60c5f9de Fixed #1142 -- Added multiple database support.
This monster of a patch is the result of Alex Gaynor's 2009 Google Summer of Code project.
Congratulations to Alex for a job well done.

Big thanks also go to:
 * Justin Bronn for keeping GIS in line with the changes,
 * Karen Tracey and Jani Tiainen for their help testing Oracle support
 * Brett Hoerner, Jon Loyens, and Craig Kimmerer for their feedback.
 * Malcolm Treddinick for his guidance during the GSoC submission process.
 * Simon Willison for driving the original design process
 * Cal Henderson for complaining about ponies he wanted.

... and everyone else too numerous to mention that helped to bring this feature into fruition.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-22 15:18:51 +00:00
Jacob Kaplan-Moss c485e236bd Fixed #8193: all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
Malcolm Tredinnick d77236960a Fixed #9548 -- Correctly detect existence of empty sessions with cache backend.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9934 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-01 07:32:41 +00:00
Jacob Kaplan-Moss 299e1e814f Fixed #6791: added a write-through cache session backend: session data is written through the cache to the database, but read from the cache for speed. Thanks to jhenry, mcroydon, and jdunck.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-10 22:18:14 +00:00
Jacob Kaplan-Moss b21ea0a836 More be-nice-to-the-buildbot: be better about cleaning up files created by the cache/session tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9224 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-10-10 21:41:12 +00:00
Malcolm Tredinnick a10fcbdb8b Fixed #9096 -- Fixed a slightly out-of-date comment.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9062 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-17 08:10:55 +00:00
Jacob Kaplan-Moss 89633c3077 Fixed a small oversight in [8750]; thanks for the sharp eyes, Warren. Fixes #8616.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8812 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01 20:25:16 +00:00
Jacob Kaplan-Moss eebc7caa63 Fixed #8616 (again): prevent a race condition in the session file backend. Many thanks to Warren Smith for help and the eventual fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8750 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-30 20:50:41 +00:00
Malcolm Tredinnick 3717e3bba3 Reverted #8688 for now, since it merely introduced different bugs, rather than
fixing the problem. We have a plan B (and plan C, if needed), so this will be
fixed in a different way.

Refs #8616.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 17:32:21 +00:00
Malcolm Tredinnick 02f86a1c7c Fixed #8616 -- Fixed a race condition in the file-based session backend.
Thanks to warren@wandrsmith.net for the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8688 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29 01:44:11 +00:00
Malcolm Tredinnick ee28560997 Fixed #8311 -- Avoid an infinite loop with session key generation when using
the cache backend and memcached goes away (or is not running).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8620 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 08:58:51 +00:00
Malcolm Tredinnick 213f294638 Avoid a crash when unencoding session data for the db backend. This is required
because some configurations of MySQL (with utf8_bin collation) will return
bytestring, rather than unicode data, which was causing problems previously.

Refs #8340.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8507 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:59:04 +00:00
Malcolm Tredinnick c8c159cbba When logging in, change the session key whilst preserving any existing
sesssion. This means the user will see their session preserved across a login
boundary, but somebody snooping the anonymous session key won't be able to view
the authenticated session data.

This is the final piece of the session key handling changes.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8459 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-21 13:54:53 +00:00
Malcolm Tredinnick eb85af1865 Fixed #8457 -- Fixed a missing import.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8451 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-20 21:12:45 +00:00
Malcolm Tredinnick 54f9a98713 Fixed #8351 -- Fixed the returned value when we attempt to load a cache-backed session object that doesn't alreayd exist.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8410 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-16 15:54:36 +00:00
Malcolm Tredinnick 0d48087a53 Made a few small tweaks to reduce persistent storage accesses in the session
backend. Refs #8311, although doesn't fix the problem there.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 14:59:11 +00:00
Malcolm Tredinnick 9e423b51e3 Fixed #8314 -- Fixed an infinite loop caused when submitting a session key (via
a cookie) with no corresponding entry in the database.

This only affected the database backend, but I've applied the same fix to all
three backends for robustness.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 19:43:08 +00:00
Gary Wilson Jr f9301fa8f4 Removed some testing code inadvertently commited in [8348].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8349 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 15:41:38 +00:00
Gary Wilson Jr 788de6b5fd Fixed #8206 -- Removed validate methods of Model and Model fields. They are are unsupported for 1.0 and will be replaced with more complete model validation (refs #6845).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8348 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 15:37:43 +00:00
Malcolm Tredinnick 2da6628519 Fixed #8310 -- Actually use the SystemRandom RNG, if available, which fixes an
oversight from [8340]. The previous code worked, but this is what I really
intended.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8346 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 13:54:22 +00:00
Malcolm Tredinnick 9d83444f16 Fixed #6984 -- Make sure to load session data from the file (if necessary)
prior to truncating it during a save.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8344 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:58:09 +00:00
Malcolm Tredinnick 5e8efa9a60 Implemented a flush() method on sessions that cleans out the session and
regenerates the key. Used to ensure the caller gets a fresh session at logout,
for example.

Based on a patch from mrts. Refs #7515.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:57:46 +00:00
Malcolm Tredinnick 31ec68c5d9 Added a clear() method to sessions. Patch from mrts. Refs #7515.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8341 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:57:30 +00:00
Malcolm Tredinnick af7b6475ca Added guaranteed atomic creation of new session objects. Slightly backwards
incompatible for custom session backends.

Whilst we were in the neighbourhood, use a larger range of session key values
to save a small amount of time and use the hardware-base random numbers where
available (transparently falls back to pseudo-RNG otherwise).

Fixed #1080


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:57:18 +00:00
Gary Wilson Jr c85c8f8891 Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Malcolm Tredinnick 004ff03a8e Removed TEST_COOKIE_NAME and TEST_COOKIE_VALUE constants from
sessions.middleware. They haven't been used here since the great refactor and
are duplicated in sessions.backends.base.SessionBase.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8156 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-30 21:55:47 +00:00
Adrian Holovaty 29f0e8182f Fixed #7847 -- Removed a whole bunch of unused imports from throughout the codebase. Thanks, julien
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 03:24:09 +00:00
Gary Wilson Jr 5db4d60215 Several Django styling fixes in the `contrib.sessions` app.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-23 05:08:07 +00:00
Russell Keith-Magee dc7f21daf7 Fixed #7429 -- Modified the Session base class a little more dictionary-like by adding update(), has_key(), values(), and iterator access methods. Thanks to Jeremy Dunck for the suggestion and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7687 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-18 12:07:46 +00:00
Jacob Kaplan-Moss 8d4f79a799 Fixed #2548: added get/set_expiry methods to session objects. Thanks, Amit Upadhyay and SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-07 20:28:06 +00:00
Malcolm Tredinnick 9e47cc2e51 Fixed #5507 -- Use a more portable way to get at the system's tmpdir (fixes a
problem with the default on Windows). Thanks, Philippe Raoult.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7329 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-20 06:43:58 +00:00
Malcolm Tredinnick f1a24be01c Fixed #6481 -- Fixed a bunch of import problems (and some whitespace cleanups).
Found by Bastian Kleineidam with help from pyflakes. Thanks.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7131 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-19 00:08:08 +00:00
Malcolm Tredinnick 041e24dbde Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-01-06 12:53:09 +00:00
Jacob Kaplan-Moss 35921e570b Added a test for [6889]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6890 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-04 20:29:43 +00:00
Jacob Kaplan-Moss 602b7bca7a Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-04 20:24:22 +00:00
Malcolm Tredinnick 49da9ab57e Fixed #6087 -- Added setdefault() support to the Session object. Thanks, Ben
Slavin.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6831 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-02 15:27:29 +00:00
Malcolm Tredinnick cf21274b1a Fixed #6081 -- Removed unused code. Thanks, Ben Slavin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6796 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-01 18:10:14 +00:00
Gary Wilson Jr 8c442f21dc Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 03:59:40 +00:00
Gary Wilson Jr a7a6a1b75d Fixed imports, indention, and a long line.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-29 23:55:08 +00:00
Malcolm Tredinnick 4c0d8d882d Fixed #4729 -- Restored functionality to the Session class so that popping a
value marks it as modified. This was accidentally lost in the changes in
[6333]. Thanks, __hawkeye__.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6558 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 10:12:59 +00:00
Malcolm Tredinnick e172e7be57 Fixed #4724 -- Added support for configurable session cookie paths. Helps with
multiple Django installs under the same hostname. Thanks, frej and Graham
Dumpleton.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 05:13:56 +00:00
Gary Wilson Jr e8c9e3a853 Fixed #5598 -- Restored needed imports that were removed in [6333]. Thanks, gav.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6425 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-25 23:16:11 +00:00
Adrian Holovaty 79dead9a24 Removed trailing whitespace in django/contrib/sessions/backends/base.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 04:35:03 +00:00
Adrian Holovaty 3db846cdb5 Fixed #5548 -- Reintroduced Jython workaround for os.getpid(), which was lost in [6270]. Thanks, leosoto
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6386 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 02:19:48 +00:00