9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
3389c5ea22
Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests.
...
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
8cc41ce7a7
Fixed DoS possiblity in contrib.auth.views.logout()
...
Thanks Florian Apolloner and Carl Meyer for review.
This is a security fix.
2015-08-18 08:03:43 -04:00
2dee853ed4
Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN
2015-05-15 11:23:41 -04:00
4157c502a5
Removed unnecessary arguments in .get method calls
2015-05-13 20:51:18 +02:00
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
393c0e2422
Fixed #20936 -- When logging out/ending a session, don't create a new, empty session.
...
Previously, when logging out, the existing session was overwritten by a
new sessionid instead of deleting the session altogether.
This behavior added overhead by creating a new session record in
whichever backend was in use: db, cache, etc.
This extra session is unnecessary at the time since no session data is
meant to be preserved when explicitly logging out.
2014-05-11 21:42:26 -03:00
7548aa8ffd
More attacking E302 violators
2013-11-02 13:12:09 -07:00
fdd7a355bf
Deprecated django.utils.importlib
...
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
5ff2ffa330
Define the SessionStore inside __init__ instead of process_request
...
It's unnecessary to run this on every request, since technically, settings *should be* immutable.
2013-06-30 09:43:02 +02:00
aeda55e6bf
Fixed #3881 -- skip saving session when response status is 500
...
Saving session data is somewhat likely to lead into error when the
status code is 500. It is guaranteed to lead into error if the reason
for the 500 code is query error on PostgreSQL.
2012-07-16 20:57:55 +03:00
78be884ea7
Fixed #3304 -- Added support for HTTPOnly cookies. Thanks to arvin for the suggestion, and rodolfo for the draft patch.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:30:50 +00:00
c485e236bd
Fixed #8193 : all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
a10fcbdb8b
Fixed #9096 -- Fixed a slightly out-of-date comment.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9062 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-17 08:10:55 +00:00
004ff03a8e
Removed TEST_COOKIE_NAME and TEST_COOKIE_VALUE constants from
...
sessions.middleware. They haven't been used here since the great refactor and
are duplicated in sessions.backends.base.SessionBase.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8156 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-30 21:55:47 +00:00
5db4d60215
Several Django styling fixes in the `contrib.sessions` app.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-23 05:08:07 +00:00
8d4f79a799
Fixed #2548 : added get/set_expiry methods to session objects. Thanks, Amit Upadhyay and SmileyChris.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-07 20:28:06 +00:00
8c442f21dc
Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 03:59:40 +00:00
a7a6a1b75d
Fixed imports, indention, and a long line.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-29 23:55:08 +00:00
e172e7be57
Fixed #4724 -- Added support for configurable session cookie paths. Helps with
...
multiple Django installs under the same hostname. Thanks, frej and Graham
Dumpleton.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 05:13:56 +00:00
bcf7e9a9fe
Fixed #2066 : session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 21:29:14 +00:00
5dd9a2ab38
Fixed #4199 -- Changed date formatting in HTTP expires header to be spec
...
compliant. Thanks, Chris Bennett.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5712 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-16 03:50:22 +00:00
f9a592d99d
Fixed #4729 -- SessionWrapper.pop now sets modified flag if necessary. Thanks, Ben Slavin, SmileyChris and Collin Grady
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5592 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-03 15:02:40 +00:00
4c53116144
Fixed #4338 -- Added pop() method to SessionWrapper. Thanks, Gary Wilson.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-05-21 04:03:53 +00:00
29aa31d8f5
Reduced the chances of session object collision. The window of opportunity is
...
now about five Python instructions in get_or_create(). This doesn't guarantee
no collisions, but should fix many occurrences. Refs #1180 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4771 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-22 02:20:33 +00:00
c651b08f39
Fixed #3586 -- Only output "Vary: Cookie" HTTP header when the session object
...
is accessed. Leads to better caching performance. Thanks, Owen Griffiths.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-08 08:46:59 +00:00
9d94355885
Fixed #2133 -- Invalid session cookie no longer causes fatal error. Thanks, greg-django@abbas.org
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4423 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-01-25 00:47:44 +00:00
45be33a632
Fixed #2523 -- Added SESSION_COOKIE_SECURE setting. Thanks, mir@noris.de
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-12 06:02:28 +00:00
2abfd5dd58
Fixed #2109 -- Convert old-style classes to new-style classes throughout Django. Thanks, Nicola Larosa
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-08 05:00:13 +00:00
26b61aa813
Fixed #395 -- Added SESSION_EXPIRE_AT_BROWSER_CLOSE setting, which regulates whether session framework should use browser-session-length cookies.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3049 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-01 22:25:06 +00:00
f69cf70ed8
MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00
Florian Apolloner
Tim Graham
Tore Lundqvist
Bo Lopker
Piotr Jakimiak
Matt Robenolt
Alex Gaynor
Claude Paroz
Anssi Kääriäinen
Russell Keith-Magee
Jacob Kaplan-Moss
Malcolm Tredinnick
Gary Wilson Jr
Adrian Holovaty