4376c2c7f8
Fixed #31895 -- Fixed crash when decoding invalid session data.
...
Thanks Matt Hegarty for the report.
Regression in d4fff711d4
2020-08-19 12:06:00 +02:00
99abfe8f4d
Fixed #31864 -- Fixed encoding session data during transition to Django 3.1.
...
Thanks אורי for the report.
2020-08-07 21:42:39 +02:00
d4fff711d4
Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode().
...
Thanks Mariusz Felisiak and Florian Apolloner for the reviews.
2020-03-02 12:16:48 +01:00
9d6f981a66
Fixed #28763 -- Allowed overriding the session cookie age with SessionStore.get_session_cookie_age().
2019-05-21 08:50:09 +02:00
a8e2a9bac6
Refs #15902 -- Deprecated storing user's language in the session.
2019-02-14 10:23:02 -05:00
af1434329f
Removed unnecessary type() calls for class methods.
2019-02-06 22:00:32 -05:00
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
7e3bf2662b
Removed default mode='r' argument from calls to open().
2019-01-27 17:41:43 -05:00
bdae19cf63
Refs #27795 -- Removed force_bytes() usage in sessions.
...
SessionBase.decode() is the inverse operation to SessionBase.encode().
As SessionBase.encode() always returns a string, SessionBase.decode()
should always be passed a string argument. Fixed the file backend, which
was the only backend still passing a bytestring.
2018-10-03 11:11:42 +02:00
2ec151e35d
Fixed #29514 -- Reverted "Used datetime.timezone.utc instead of pytz.utc for better performance."
...
This reverts commit 27ca5ce19f
2018-06-28 11:14:26 -04:00
27ca5ce19f
Used datetime.timezone.utc instead of pytz.utc for better performance.
2018-03-20 15:24:16 -04:00
a38ae914d8
Fixed #28996 -- Simplified some boolean constructs and removed trivial continue statements.
2018-01-12 12:44:50 -05:00
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
acc8dd4142
Fixed #28984 -- Made assorted code simplifications.
2018-01-03 13:24:02 -05:00
fff86cfa46
Made session loading in cached_db engine more DRY.
2017-12-08 10:51:16 -05:00
2b81faab25
Fixed #28906 -- Removed unnecessary bool() calls.
2017-12-07 17:13:07 -05:00
c69e4bc691
Fixed #28769 -- Replaced 'x if x else y' with 'x or y'.
2017-11-07 09:08:46 -05:00
6e4c6281db
Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
...
This reverts commit 550cb3a365
2017-09-07 08:16:21 -04:00
38988f289f
Avoided creation of temporary sets.
2017-07-29 10:16:43 -04:00
550cb3a365
Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().
2017-06-28 14:07:55 -04:00
578e576c31
Fixed #28167 -- Fixed cache backend's SessionStore.exists() if session_key is None.
2017-05-03 12:39:07 -04:00
301de774c2
Refs #27795 -- Replaced many force_text() with str()
...
Thanks Tim Graham for the review.
2017-04-27 09:10:02 +02:00
dda596ca32
Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.
2017-04-17 09:58:19 -04:00
86de930f41
Refs #27656 -- Updated remaining docstring verbs according to PEP 257.
2017-03-04 10:02:06 -05:00
5411821e3b
Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257.
2017-02-04 16:39:28 -05:00
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
632c4ffd9c
Refs #23919 -- Replaced errno checking with PEP 3151 exceptions.
2017-01-25 10:13:08 -05:00
eb0b921c29
Refs #23919 -- Removed SessionBase.iterkeys(), itervalues(), iteritems().
...
These methods only work on Python 2.
2017-01-19 14:15:00 -05:00
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
887f3d3219
Fixed #26764 -- Fixed Session.cycle_key() crash on unaccessed session.
2016-08-08 13:01:25 -04:00
b040ac06eb
Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError.
2016-04-20 13:06:47 -04:00
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
5faf745999
Refs #21608 -- Fixed incorrect cache key in cache session backend's save().
...
The bug was introduced commit 3389c5ea22
2016-04-04 07:41:59 -04:00
3389c5ea22
Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests.
...
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
98839e9066
Removed British/Austrialian word: whilist.
2015-12-31 14:29:52 -05:00
a3fffdca24
Fixed #25558 -- Fixed nondeterministic test failure on Windows: test_clearsessions_command.
...
The test session without an expiration date added in refs #22938 wasn't
always deleted on Windows because get_expiry_age() returns zero and the
file backend didn't consider that an expired session.
2015-10-17 10:03:11 -04:00
c055224763
Fixed #22938 -- Allowed clearsessions to remove file-based sessions.
2015-10-03 09:21:10 -04:00
22bb548900
Fixed #22634 -- Made the database-backed session backends more extensible.
...
Introduced an AbstractBaseSession model and hooks providing the option
of overriding the model class used by the session store and the session
store class used by the model.
2015-08-27 15:00:09 -04:00
df049ed77a
Fixed #19324 -- Avoided creating a session record when loading the session.
...
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.
This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
f4416b1a8b
Fixed #24915 -- Added stricter session key validation
...
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
2015-06-06 20:04:20 -04:00
088579638b
Fixed incorrect session.flush() in cached_db session backend.
...
This is a security fix; disclosure to follow shortly.
Thanks Sam Cooke for the report and draft patch.
2015-05-20 13:48:06 -04:00
4157c502a5
Removed unnecessary arguments in .get method calls
2015-05-13 20:51:18 +02:00
872eb26f54
Fixed #24621 -- Fixed and documented SessionBase.pop's second argument
...
Changed SessionBase.pop's second argument to explicitly be default=None
rather than *args since _session is always a dict. Thanks gabor for the
report and Tim Graham for the review.
2015-04-13 10:32:03 -04:00
8a481498aa
Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions.
2015-03-12 08:19:54 -04:00
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
895dc880eb
Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range
2014-12-13 12:45:58 -05:00
393c0e2422
Fixed #20936 -- When logging out/ending a session, don't create a new, empty session.
...
Previously, when logging out, the existing session was overwritten by a
new sessionid instead of deleting the session altogether.
This behavior added overhead by creating a new session record in
whichever backend was in use: db, cache, etc.
This extra session is unnecessary at the time since no session data is
meant to be preserved when explicitly logging out.
2014-05-11 21:42:26 -03:00
5d263dee30
Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
...
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
Mariusz Felisiak
Claude Paroz
Hasan Ramezani
Jon Dufresne
Tim Graham
Sergey Fedoseev
Дилян Палаузов
Jozef
Дилян Палаузов
Mads Jensen
InvalidInterrupt
Anton Samarchyan
chillaranand
Srinivas Reddy Thatiparthy
Simon Charette
Adam Zapletal
Tobias Kroenke
Tore Lundqvist
Brian Gianforcaro
Aleksandra Tarkowska
Sergey Kolosov
Carl Meyer
David Bannon
Piotr Jakimiak
Michael Hall
Matt Robenolt
Berker Peksag