If the current sessions user was logged in via a remote user backend log out
the user if REMOTE_USER header not available - otherwise leave it to other auth
middleware to install the AnonymousUser.
Thanks to Sylvain Bouchard for the initial patch and ticket maintenance.
loads has no way to tell if it should provide text or bytes to the
serializer; bytes are more reasonnable for a serialized representation,
and are the only option for pickled data.
dumps can perform conversions on the value it receives from the
serializer; but for consistency it seems better to require bytes too.
The current code would cause an exception when loading pickled session
data. See next commit.
Also fixed a bug when checking for compressed data.
Backport of 58a086a from master.
There was a potential data-loss issue involved -- when clearing
instance's m2m assignments it was possible some other instance's
m2m data was deleted instead.
This commit also improved None handling for to_field cases.
Backpatch of 611c4d6f1c
* Prevented stale session files from being loaded
* Added removal of stale session files in django-admin.py clearsessions
Thanks ej for the report, crodjer and Elvard for their inputs.
Backport of 5fec97b from master.
These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.
Refs #19200, #18194.
Backport of 882c47c from master.
This change allows for cleaner tests: we can test the exact output.
Refs #18194: this change makes it possible to compute session expiry
dates at times other than when the session is saved.
Fixed#18458: the existence of the `modification` kwarg implies that you
must pass it to get_expiry_age/date if you call these functions outside
of a short request - response cycle (the intended use case).
Backport of cd17a24 from master.
This removes a dependency of 'core' on 'contrib'.
Backport of 83ba0a9 from master.
This deprecation occurs after the alpha, but it's a prerequisite
for fixing decently #18194 which is a release blocker.
There was a bug introduced in #18676 which caused fast-path deletes
implemented as "DELETE WHERE pk IN <subquery>" to fail if the SELECT
clause contained additional stuff (for example extra() and annotate()).
Thanks to Trac alias pressureman for spotting this regression.
This case was originally designed to handle Exception's which didn't gracefully support coercing themselves to unicode. However, because it lives in the `else` case of `if hasattr(s, '__unicode__'):` we can be sure it's no longer reachable in djanog anymore, because since Python 2.5 exception has subclassed object, which means Exception objects always have an __unicode__ method.
Andrew Godwin
Aymeric Augustin
Claude Paroz
Preston Holmes
Russell Keith-Magee
Luke Plant
Anssi Kääriäinen
Ian Clelland
James Bennett
Alex Gaynor
Carl Meyer
Jan Bednařík