innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
12,930 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
Aymeric Augustin f356a2e52f Fixed #17810 (again). Catch session key errors. 
The previous commit didn't work with PyLibMC.
This solution appears to be the best compromise
at this point in the 1.4 release cycle.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17797 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2012-03-23 16:14:46 +00:00
Jannis Leidel 46871eb1bb Fixed an incompatibility with Python 2.5 in the changes done in r17795. Refs #17810. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17796 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2012-03-23 09:32:11 +00:00
Paul McMillan 2ca9801956 Fixed #17810. Catch session key errors. 
Catches memcached session key errors related to overly long session keys.
This is a long-standing bug, but severity was exacerbated by the addition
of cookie-backed session storage, which generates long session values. If
an installation switched from cookie-backed session store to memcached,
users would not be able to log in because of the server error from overly
long memcached keys.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2012-03-23 05:31:11 +00:00
Aymeric Augustin c11f9c3193 Optimized the cached_db session backend to check if a key exists in the cache first. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17156 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-11-27 18:36:03 +00:00
Aymeric Augustin bda21e2b9d Fixed #11555 -- Made SessionBase.session_key read-only. Cleaned up code slightly. Refs #13478. 
This also removes the implicit initialization of the session key on the first access in favor of explicit initialization.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17155 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-11-27 17:52:24 +00:00
Russell Keith-Magee 33076af6f2 Corrected an issue which could allow attackers to manipulate session data using the cache. A security announcement will be made shortly. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16759 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2011-09-10 00:46:48 +00:00
Jacob Kaplan-Moss 299e1e814f Fixed #6791: added a write-through cache session backend: session data is written through the cache to the database, but read from the cache for speed. Thanks to jhenry, mcroydon, and jdunck. 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 2009-01-10 22:18:14 +00:00