Commit Graph

247 Commits

Author SHA1 Message Date
Jozef fff86cfa46 Made session loading in cached_db engine more DRY. 2017-12-08 10:51:16 -05:00
Tim Graham 2b81faab25
Fixed #28906 -- Removed unnecessary bool() calls. 2017-12-07 17:13:07 -05:00
Claude Paroz d0932ce8fc Updated contrib translations from Transifex
Forward port of 765e6de924 from stable/2.0.x
2017-12-01 21:51:30 +01:00
Дилян Палаузов c69e4bc691 Fixed #28769 -- Replaced 'x if x else y' with 'x or y'. 2017-11-07 09:08:46 -05:00
Tim Graham 6e4c6281db Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00
Sergey Fedoseev 38988f289f Avoided creation of temporary sets. 2017-07-29 10:16:43 -04:00
Mads Jensen 550cb3a365 Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). 2017-06-28 14:07:55 -04:00
Tim Graham 578e576c31 Fixed #28167 -- Fixed cache backend's SessionStore.exists() if session_key is None. 2017-05-03 12:39:07 -04:00
Claude Paroz 301de774c2 Refs #27795 -- Replaced many force_text() with str()
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
InvalidInterrupt dda596ca32 Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data. 2017-04-17 09:58:19 -04:00
Claude Paroz 2dba812d86 Updated contrib translations from Transifex
Forward port of 290b2849f7 from stable/1.11.x
2017-04-04 12:39:02 +02:00
Anton Samarchyan 86de930f41 Refs #27656 -- Updated remaining docstring verbs according to PEP 257. 2017-03-04 10:02:06 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Anton Samarchyan 5411821e3b Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257. 2017-02-04 16:39:28 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Tim Graham 632c4ffd9c Refs #23919 -- Replaced errno checking with PEP 3151 exceptions. 2017-01-25 10:13:08 -05:00
Srinivas Reddy Thatiparthy eb0b921c29 Refs #23919 -- Removed SessionBase.iterkeys(), itervalues(), iteritems().
These methods only work on Python 2.
2017-01-19 14:15:00 -05:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz f3c43ad1fd Refs #23919 -- Removed python_2_unicode_compatible decorator usage 2017-01-18 13:44:34 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Andrew Nester 1ce04bcce0 Fixed #27363 -- Replaced unsafe redirect in SessionMiddleware with SuspiciousOperation. 2016-11-01 07:15:56 -04:00
Adam Zapletal 887f3d3219 Fixed #26764 -- Fixed Session.cycle_key() crash on unaccessed session. 2016-08-08 13:01:25 -04:00
Claude Paroz 374b6091ac Pulled contrib translations from Transifex
Forward port f19cadd391 from stable/1.10.x
2016-08-01 19:47:19 +02:00
Claude Paroz 490107f14d Added Upper/Lower Sorbian translations 2016-06-29 21:11:30 +02:00
Jon Dufresne d13881bd34 Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using SESSION_COOKIE_PATH. 2016-06-21 11:03:25 -04:00
Florian Apolloner 9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Claude Paroz 8dcf352c03 Pulled translations from Transifex 2016-04-30 14:27:07 +02:00
Claude Paroz d9a00ad16b Removed deprecated Chinese language codes for contrib apps
Refs #18149.
2016-04-30 14:26:47 +02:00
Tobias Kroenke b040ac06eb Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError. 2016-04-20 13:06:47 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Jon Dufresne 5faf745999 Refs #21608 -- Fixed incorrect cache key in cache session backend's save().
The bug was introduced commit 3389c5ea22.
2016-04-04 07:41:59 -04:00
Tore Lundqvist 3389c5ea22 Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests.
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
Tim Graham 98839e9066 Removed British/Austrialian word: whilist. 2015-12-31 14:29:52 -05:00
Claude Paroz 273ce8aa6a Pulled contrib translations from Transifex
Forward port of 6a4649c27e from stable/1.9.x
2015-12-01 20:37:57 +01:00
Brian Gianforcaro a3fffdca24 Fixed #25558 -- Fixed nondeterministic test failure on Windows: test_clearsessions_command.
The test session without an expiration date added in refs #22938 wasn't
always deleted on Windows because get_expiry_age() returns zero and the
file backend didn't consider that an expired session.
2015-10-17 10:03:11 -04:00
Aleksandra Tarkowska c055224763 Fixed #22938 -- Allowed clearsessions to remove file-based sessions. 2015-10-03 09:21:10 -04:00
Dražen Odobašić b1e33ceced Fixed #23395 -- Limited line lengths to 119 characters. 2015-09-12 11:40:50 -04:00
Sergey Kolosov 22bb548900 Fixed #22634 -- Made the database-backed session backends more extensible.
Introduced an AbstractBaseSession model and hooks providing the option
of overriding the model class used by the session store and the session
store class used by the model.
2015-08-27 15:00:09 -04:00
Tim Graham 8cc41ce7a7 Fixed DoS possiblity in contrib.auth.views.logout()
Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.
2015-08-18 08:03:43 -04:00
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
David Bannon f4416b1a8b Fixed #24915 -- Added stricter session key validation
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
2015-06-06 20:04:20 -04:00
Tim Graham 088579638b Fixed incorrect session.flush() in cached_db session backend.
This is a security fix; disclosure to follow shortly.

Thanks Sam Cooke for the report and draft patch.
2015-05-20 13:48:06 -04:00
Bo Lopker 2dee853ed4 Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN 2015-05-15 11:23:41 -04:00
Piotr Jakimiak 4157c502a5 Removed unnecessary arguments in .get method calls 2015-05-13 20:51:18 +02:00
Claude Paroz 6aed5cfc6f Updated translations from Transifex
Updates for languages: Indonesian, Belarusian, Persian, and Dutch.
Forward port of cb370f8510 from stable/1.8.x
2015-04-30 14:29:08 +02:00
Adam Zapletal 872eb26f54 Fixed #24621 -- Fixed and documented SessionBase.pop's second argument
Changed SessionBase.pop's second argument to explicitly be default=None
rather than *args since _session is always a dict. Thanks gabor for the
report and Tim Graham for the review.
2015-04-13 10:32:03 -04:00
Claude Paroz 88dfe544f6 Fetched updated contrib translations from Transifex
Forward port of 5483c66f85 from stable/1.8.x
2015-04-01 19:51:50 +02:00
Tim Graham 8a481498aa Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions. 2015-03-12 08:19:54 -04:00
Tim Graham fac3a34cbb Moved contrib.sessions tests out of contrib. 2015-02-11 10:19:22 -05:00