bcc2befd0e
Fixed #31789 -- Added a new headers interface to HttpResponse.
2020-09-14 08:41:59 +02:00
2808cdc8fb
Fixed #31962 -- Made SessionMiddleware raise SessionInterrupted when session destroyed while request is processing.
2020-09-09 09:04:28 +02:00
4376c2c7f8
Fixed #31895 -- Fixed crash when decoding invalid session data.
...
Thanks Matt Hegarty for the report.
Regression in d4fff711d4
2020-08-19 12:06:00 +02:00
99abfe8f4d
Fixed #31864 -- Fixed encoding session data during transition to Django 3.1.
...
Thanks אורי for the report.
2020-08-07 21:42:39 +02:00
240cbb63bf
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
...
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
2020-07-16 08:16:58 +02:00
d4fff711d4
Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode().
...
Thanks Mariusz Felisiak and Florian Apolloner for the reviews.
2020-03-02 12:16:48 +01:00
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
77aa74cb70
Refs #29983 -- Added support for using pathlib.Path in all settings.
2019-11-07 10:26:22 +01:00
9d6f981a66
Fixed #28763 -- Allowed overriding the session cookie age with SessionStore.get_session_cookie_age().
2019-05-21 08:50:09 +02:00
dc740dde50
Fixed #29471 -- Added 'Vary: Cookie' to invalid/empty session cookie responses.
2019-03-21 18:02:49 -04:00
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
0f212db29d
Made reused RequestFactory instances class attributes.
2018-11-27 09:49:02 -05:00
bdae19cf63
Refs #27795 -- Removed force_bytes() usage in sessions.
...
SessionBase.decode() is the inverse operation to SessionBase.encode().
As SessionBase.encode() always returns a string, SessionBase.decode()
should always be passed a string argument. Fixed the file backend, which
was the only backend still passing a bytestring.
2018-10-03 11:11:42 +02:00
607970f31c
Replaced django.test.utils.patch_logger() with assertLogs().
...
Thanks Tim Graham for the review.
2018-05-07 09:34:00 -04:00
9a56b4b13e
Fixed #27863 -- Added support for the SameSite cookie flag.
...
Thanks Alex Gaynor for contributing to the patch.
2018-04-13 20:58:31 -04:00
362813d628
Fixed hanging indentation in various code.
2018-03-16 10:54:34 +01:00
0afffae4ec
Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.
2018-01-02 11:22:59 -05:00
cfff2af02b
Fixed #27857 -- Dropped support for Python 3.4.
2017-09-25 17:11:03 -04:00
cde31daf88
Sorted imports per isort 4.2.9.
2017-06-01 13:23:48 -04:00
67702f3505
Converted sessions_tests to use assertIs() rather than assertTrue/False().
2017-05-03 20:21:39 -04:00
578e576c31
Fixed #28167 -- Fixed cache backend's SessionStore.exists() if session_key is None.
2017-05-03 12:39:07 -04:00
81f8449402
Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.
...
Thanks Tim Graham for the review.
2017-04-18 17:56:59 +02:00
dda596ca32
Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.
2017-04-17 09:58:19 -04:00
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
2366100872
Removed unneeded force_text calls in the test suite
2017-01-24 18:45:54 +01:00
eb0b921c29
Refs #23919 -- Removed SessionBase.iterkeys(), itervalues(), iteritems().
...
These methods only work on Python 2.
2017-01-19 14:15:00 -05:00
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
1ce04bcce0
Fixed #27363 -- Replaced unsafe redirect in SessionMiddleware with SuspiciousOperation.
2016-11-01 07:15:56 -04:00
887f3d3219
Fixed #26764 -- Fixed Session.cycle_key() crash on unaccessed session.
2016-08-08 13:01:25 -04:00
c9ae09addf
Replaced use of TestCase.fail() with assertRaises().
...
Also removed try/except/fail antipattern that hides exceptions.
2016-06-28 11:21:26 -04:00
d13881bd34
Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using SESSION_COOKIE_PATH.
2016-06-21 11:03:25 -04:00
4f336f6652
Fixed #26747 -- Used more specific assertions in the Django test suite.
2016-06-16 14:19:18 -04:00
b040ac06eb
Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError.
2016-04-20 13:06:47 -04:00
973f393761
Refs #24621 -- Added a test for SessionBase.pop()'s 'default' argument.
2016-04-20 12:57:07 -04:00
92053acbb9
Fixed E128 flake8 warnings in tests/.
2016-04-08 10:12:33 -04:00
5faf745999
Refs #21608 -- Fixed incorrect cache key in cache session backend's save().
...
The bug was introduced commit 3389c5ea22
2016-04-04 07:41:59 -04:00
3389c5ea22
Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests.
...
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
62ea86448e
Cleaned up session backends tests.
...
Made SessionTestsMixin backend agnostic and removed code obsoleted by the test
discovery refactor.
2016-02-26 11:22:33 -05:00
19318507d9
Stopped registering the sessions tests models to the sessions app.
2016-02-04 12:28:09 -05:00
3d0dcd7f5a
Refs #26022 -- Used context manager version of assertRaises in tests.
2016-01-29 12:32:18 -05:00
9e3f6c7483
Fixed quad quoted ("""") docstring starts.
2015-10-20 12:19:17 -04:00
c055224763
Fixed #22938 -- Allowed clearsessions to remove file-based sessions.
2015-10-03 09:21:10 -04:00
22bb548900
Fixed #22634 -- Made the database-backed session backends more extensible.
...
Introduced an AbstractBaseSession model and hooks providing the option
of overriding the model class used by the session store and the session
store class used by the model.
2015-08-27 15:00:09 -04:00
867d287b3a
Added a test to ensure empty sessions are saved.
2015-08-20 10:24:19 -04:00
8cc41ce7a7
Fixed DoS possiblity in contrib.auth.views.logout()
...
Thanks Florian Apolloner and Carl Meyer for review.
This is a security fix.
2015-08-18 08:03:43 -04:00
df049ed77a
Fixed #19324 -- Avoided creating a session record when loading the session.
...
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.
This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
f4416b1a8b
Fixed #24915 -- Added stricter session key validation
...
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
2015-06-06 20:04:20 -04:00
088579638b
Fixed incorrect session.flush() in cached_db session backend.
...
This is a security fix; disclosure to follow shortly.
Thanks Sam Cooke for the report and draft patch.
2015-05-20 13:48:06 -04:00
Tom Carrick
Hasan Ramezani
Mariusz Felisiak
Claude Paroz
Jon Dufresne
birthdaysgift
Simon Charette
Alex Gaynor
Alexey
Tim Graham
InvalidInterrupt
chillaranand
Srinivas Reddy Thatiparthy
Simon Charette
za
Andrew Nester
Adam Zapletal
Tobias Kroenke
Nicolas Noé
Tore Lundqvist
John Vandenberg
Aleksandra Tarkowska
Sergey Kolosov
Carl Meyer
David Bannon