Commit Graph

252 Commits

Author SHA1 Message Date
Malcolm Tredinnick 213f294638 Avoid a crash when unencoding session data for the db backend. This is required
because some configurations of MySQL (with utf8_bin collation) will return
bytestring, rather than unicode data, which was causing problems previously.

Refs #8340.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8507 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 22:59:04 +00:00
Malcolm Tredinnick c8c159cbba When logging in, change the session key whilst preserving any existing
sesssion. This means the user will see their session preserved across a login
boundary, but somebody snooping the anonymous session key won't be able to view
the authenticated session data.

This is the final piece of the session key handling changes.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8459 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-21 13:54:53 +00:00
Malcolm Tredinnick eb85af1865 Fixed #8457 -- Fixed a missing import.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8451 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-20 21:12:45 +00:00
Malcolm Tredinnick 54f9a98713 Fixed #8351 -- Fixed the returned value when we attempt to load a cache-backed session object that doesn't alreayd exist.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8410 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-16 15:54:36 +00:00
Malcolm Tredinnick 0d48087a53 Made a few small tweaks to reduce persistent storage accesses in the session
backend. Refs #8311, although doesn't fix the problem there.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15 14:59:11 +00:00
Malcolm Tredinnick 9e423b51e3 Fixed #8314 -- Fixed an infinite loop caused when submitting a session key (via
a cookie) with no corresponding entry in the database.

This only affected the database backend, but I've applied the same fix to all
three backends for robustness.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 19:43:08 +00:00
Gary Wilson Jr f9301fa8f4 Removed some testing code inadvertently commited in [8348].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8349 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 15:41:38 +00:00
Gary Wilson Jr 788de6b5fd Fixed #8206 -- Removed validate methods of Model and Model fields. They are are unsupported for 1.0 and will be replaced with more complete model validation (refs #6845).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8348 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 15:37:43 +00:00
Malcolm Tredinnick 2da6628519 Fixed #8310 -- Actually use the SystemRandom RNG, if available, which fixes an
oversight from [8340]. The previous code worked, but this is what I really
intended.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8346 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 13:54:22 +00:00
Malcolm Tredinnick 9d83444f16 Fixed #6984 -- Make sure to load session data from the file (if necessary)
prior to truncating it during a save.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8344 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:58:09 +00:00
Malcolm Tredinnick 5e8efa9a60 Implemented a flush() method on sessions that cleans out the session and
regenerates the key. Used to ensure the caller gets a fresh session at logout,
for example.

Based on a patch from mrts. Refs #7515.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:57:46 +00:00
Malcolm Tredinnick 31ec68c5d9 Added a clear() method to sessions. Patch from mrts. Refs #7515.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8341 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:57:30 +00:00
Malcolm Tredinnick af7b6475ca Added guaranteed atomic creation of new session objects. Slightly backwards
incompatible for custom session backends.

Whilst we were in the neighbourhood, use a larger range of session key values
to save a small amount of time and use the hardware-base random numbers where
available (transparently falls back to pseudo-RNG otherwise).

Fixed #1080


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14 03:57:18 +00:00
Gary Wilson Jr c85c8f8891 Fixed #7919 -- md5 and sha modules are deprecated since Python 2.5, use hashlib module when available. Patch from Karen Tracey.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8193 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-02 05:56:57 +00:00
Malcolm Tredinnick 004ff03a8e Removed TEST_COOKIE_NAME and TEST_COOKIE_VALUE constants from
sessions.middleware. They haven't been used here since the great refactor and
are duplicated in sessions.backends.base.SessionBase.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8156 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-30 21:55:47 +00:00
Adrian Holovaty 29f0e8182f Fixed #7847 -- Removed a whole bunch of unused imports from throughout the codebase. Thanks, julien
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22 03:24:09 +00:00
Gary Wilson Jr 5db4d60215 Several Django styling fixes in the `contrib.sessions` app.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-23 05:08:07 +00:00
Russell Keith-Magee dc7f21daf7 Fixed #7429 -- Modified the Session base class a little more dictionary-like by adding update(), has_key(), values(), and iterator access methods. Thanks to Jeremy Dunck for the suggestion and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7687 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-18 12:07:46 +00:00
Jacob Kaplan-Moss 8d4f79a799 Fixed #2548: added get/set_expiry methods to session objects. Thanks, Amit Upadhyay and SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-07 20:28:06 +00:00
Malcolm Tredinnick 9e47cc2e51 Fixed #5507 -- Use a more portable way to get at the system's tmpdir (fixes a
problem with the default on Windows). Thanks, Philippe Raoult.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7329 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-03-20 06:43:58 +00:00
Malcolm Tredinnick f1a24be01c Fixed #6481 -- Fixed a bunch of import problems (and some whitespace cleanups).
Found by Bastian Kleineidam with help from pyflakes. Thanks.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7131 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-02-19 00:08:08 +00:00
Malcolm Tredinnick 041e24dbde Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-01-06 12:53:09 +00:00
Jacob Kaplan-Moss 35921e570b Added a test for [6889]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6890 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-04 20:29:43 +00:00
Jacob Kaplan-Moss 602b7bca7a Fixed #6082: file-based sessions now verify that SESSION_FILE_PATH is a valid storage location, and raise ImproperlyConfigured if not. Thanks, jags78.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6889 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-04 20:24:22 +00:00
Malcolm Tredinnick 49da9ab57e Fixed #6087 -- Added setdefault() support to the Session object. Thanks, Ben
Slavin.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6831 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-02 15:27:29 +00:00
Malcolm Tredinnick cf21274b1a Fixed #6081 -- Removed unused code. Thanks, Ben Slavin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6796 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-12-01 18:10:14 +00:00
Gary Wilson Jr 8c442f21dc Fixed #5816 -- Fixed a regression from [6333] that generates incorrect cookie "expires" dates when using a locale other than English. Introduced `http_date` and `cookie_date` utility functions. Thanks for the report Michael Lemaire. Thanks for the patch Karen Tracey and `SmileyChris`.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-31 03:59:40 +00:00
Gary Wilson Jr a7a6a1b75d Fixed imports, indention, and a long line.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-29 23:55:08 +00:00
Malcolm Tredinnick 4c0d8d882d Fixed #4729 -- Restored functionality to the Session class so that popping a
value marks it as modified. This was accidentally lost in the changes in
[6333]. Thanks, __hawkeye__.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6558 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 10:12:59 +00:00
Malcolm Tredinnick e172e7be57 Fixed #4724 -- Added support for configurable session cookie paths. Helps with
multiple Django installs under the same hostname. Thanks, frej and Graham
Dumpleton.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-10-20 05:13:56 +00:00
Gary Wilson Jr e8c9e3a853 Fixed #5598 -- Restored needed imports that were removed in [6333]. Thanks, gav.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6425 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-25 23:16:11 +00:00
Adrian Holovaty 79dead9a24 Removed trailing whitespace in django/contrib/sessions/backends/base.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 04:35:03 +00:00
Adrian Holovaty 3db846cdb5 Fixed #5548 -- Reintroduced Jython workaround for os.getpid(), which was lost in [6270]. Thanks, leosoto
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6386 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-20 02:19:48 +00:00
Jacob Kaplan-Moss 771481695f Refs #5513: improved session performance after [6333]'s session refactoring. Thanks, msaelices.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 20:11:14 +00:00
Malcolm Tredinnick ae75958820 Fixed #5501 -- Fixed Python 2.3 and 2.4 incompatibility. Thanks, brosner.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6348 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 02:03:46 +00:00
Jacob Kaplan-Moss bcf7e9a9fe Fixed #2066: session data can now be stored in the cache or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 21:29:14 +00:00
Malcolm Tredinnick cd8959c82a Fixed #5486 -- Worked around the lack of os.getpid() in Jython, whilst still using it for CPython. Patch from Leo Soto.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6270 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15 09:51:41 +00:00
Gary Wilson Jr 212ee65be7 Fixed #2101 -- Renamed `maxlength` argument to `max_length` for oldforms `FormField`s and db model `Field`s. This is fully backwards compatible at the moment since the legacy `maxlength` argument is still supported. Using `maxlength` will, however, issue a `PendingDeprecationWarning` when used.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-05 05:14:46 +00:00
Malcolm Tredinnick 5dd9a2ab38 Fixed #4199 -- Changed date formatting in HTTP expires header to be spec
compliant. Thanks, Chris Bennett.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5712 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-16 03:50:22 +00:00
Malcolm Tredinnick 953badbea5 Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.

Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 12:11:04 +00:00
Adrian Holovaty f9a592d99d Fixed #4729 -- SessionWrapper.pop now sets modified flag if necessary. Thanks, Ben Slavin, SmileyChris and Collin Grady
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5592 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-03 15:02:40 +00:00
Malcolm Tredinnick 4a61c2f912 Fixed #4531 -- Added a bit more randomness to session idents. Thanks, Frank
Tegtmeyer.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-15 00:22:16 +00:00
Malcolm Tredinnick 4c53116144 Fixed #4338 -- Added pop() method to SessionWrapper. Thanks, Gary Wilson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-05-21 04:03:53 +00:00
Malcolm Tredinnick 29aa31d8f5 Reduced the chances of session object collision. The window of opportunity is
now about five Python instructions in get_or_create(). This doesn't guarantee
no collisions, but should fix many occurrences. Refs #1180.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@4771 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-22 02:20:33 +00:00
Malcolm Tredinnick c651b08f39 Fixed #3586 -- Only output "Vary: Cookie" HTTP header when the session object
is accessed. Leads to better caching performance. Thanks, Owen Griffiths.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@4680 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-03-08 08:46:59 +00:00
Adrian Holovaty 9d94355885 Fixed #2133 -- Invalid session cookie no longer causes fatal error. Thanks, greg-django@abbas.org
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4423 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-01-25 00:47:44 +00:00
Adrian Holovaty 45be33a632 Fixed #2523 -- Added SESSION_COOKIE_SECURE setting. Thanks, mir@noris.de
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-12 06:02:28 +00:00
Russell Keith-Magee 740a8d20f1 Fixed formatting of comments.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3392 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-07-20 03:32:24 +00:00
Malcolm Tredinnick b2e5c4ef02 Fixed #1422 -- Docstring improvements for the models in the admin app. Thanks
akaihola.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3167 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-20 04:07:32 +00:00
Adrian Holovaty 2abfd5dd58 Fixed #2109 -- Convert old-style classes to new-style classes throughout Django. Thanks, Nicola Larosa
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-08 05:00:13 +00:00
Adrian Holovaty 26b61aa813 Fixed #395 -- Added SESSION_EXPIRE_AT_BROWSER_CLOSE setting, which regulates whether session framework should use browser-session-length cookies.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3049 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-01 22:25:06 +00:00
Adrian Holovaty f69cf70ed8 MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00