Commit Graph

164 Commits

Author SHA1 Message Date
CHI Cheng ed9cd4fd8b Fixed #21000 -- Made cached_db session backend respect SESSION_CACHE_ALIAS 2013-09-05 10:47:58 -04:00
Tim Graham b0ce6fe656 Fixed #20922 -- Allowed customizing the serializer used by contrib.sessions
Added settings.SESSION_SERIALIZER which is the import path of a serializer
to use for sessions.

Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.
2013-08-22 13:58:26 -04:00
Claude Paroz fdd7a355bf Deprecated django.utils.importlib
This was a shim for pre-Python 2.7 support.
2013-07-29 17:10:22 +02:00
Aymeric Augustin cfcf4b3605 Stopped using django.utils.unittest in the test suite.
Refs #20680.
2013-07-01 14:29:33 +02:00
Matt Robenolt 5ff2ffa330 Define the SessionStore inside __init__ instead of process_request
It's unnecessary to run this on every request, since technically, settings *should be* immutable.
2013-06-30 09:43:02 +02:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Erik Romijn f88700d610 Fix #19664 -- Illegal Characters In Session Key Give Fatal Error On File Backend Only 2013-05-19 15:33:05 +02:00
Claude Paroz 9f7a01ef2b Updated translation templates and removed en translations
"en" translations have been mistakenly committed in 87cc3da81.
2013-05-02 16:25:23 +02:00
Claude Paroz 244e765a94 Updated translation templates 2013-03-28 10:06:11 +01:00
Aymeric Augustin ba5138b1c0 Deprecated transaction.commit/rollback_unless_managed.
Since "unless managed" now means "if database-level autocommit",
committing or rolling back doesn't have any effect.

Restored transactional integrity in a few places that relied on
automatically-started transactions with a transitory API.
2013-03-11 14:48:54 +01:00
Claude Paroz 87cc3da814 Merged contrib translations from 1.5 branch 2013-02-26 21:51:06 +01:00
Joeri Bekker b9cc61021a Fixed #9084 - Best approach for an OS to atomically rename the session file. 2013-02-24 14:21:40 +01:00
Mathijs de Bruin 8c1cc4b3b0 Fixed regression introduced in 146ed13a.
As override_settings was used after the initialization of the session backend,
we need to use a new session backend here.
2013-02-23 16:53:31 +01:00
Aymeric Augustin d913a8b412 Fixed #19356 -- Increased session key entropy. 2012-11-29 16:36:43 +01:00
Aymeric Augustin 11fd00c46e Fixed #19254 -- Bug in SESSION_FILE_PATH handling.
Thanks simonb for the report.

Refs #18194.
2012-11-06 10:19:14 +01:00
Aymeric Augustin 146ed13a11 Fixed #17083 -- Allowed sessions to use non-default cache. 2012-10-31 09:46:16 +01:00
Aymeric Augustin 58337b3223 Marked cookies-based session expiry test as an expected failure.
Refs #19201.
2012-10-28 18:03:23 +01:00
Aymeric Augustin 98032f67c7 Fixed #14093 -- Improved error message in the cache session backend.
Thanks stumbles for the patch.
2012-10-28 12:40:10 +01:00
Aymeric Augustin 5fec97b9df Fixed #18194 -- Expiration of file-based sessions
* Prevented stale session files from being loaded
* Added removal of stale session files in django-admin.py clearsessions

Thanks ej for the report, crodjer and Elvard for their inputs.
2012-10-28 09:19:38 +01:00
Aymeric Augustin 882c47cd40 Improved tests introduced in 04b00b6.
These tests are expected to fail for the file session backend because it
doesn't handle expiry properly. They didn't because of an error in the
test setup sequence.

Refs #19200, #18194.
2012-10-27 23:15:45 +02:00
Aymeric Augustin cd17a24083 Added optional kwargs to get_expiry_age/date.
This change allows for cleaner tests: we can test the exact output.

Refs #18194: this change makes it possible to compute session expiry
dates at times other than when the session is saved.

Fixed #18458: the existence of the `modification` kwarg implies that you
must pass it to get_expiry_age/date if you call these functions outside
of a short request - response cycle (the intended use case).
2012-10-27 23:15:45 +02:00
Aymeric Augustin 04b00b668d Fixed #19200 -- Session expiry with cached_db
Also did a little bit of cleanup.
2012-10-27 19:40:39 +02:00
Aymeric Augustin 83ba0a9d4b Fixed #18978 -- Moved cleanup command to sessions.
This removes a dependency of 'core' on 'contrib'.
2012-10-27 18:31:00 +02:00
Claude Paroz 58365401c9 Updated base translation files 2012-10-15 11:17:06 +02:00
Claude Paroz 486e67598f Fixed #10853 -- Skipped some sessions tests with dummy cache backend 2012-09-21 13:17:25 +02:00
Malcolm Tredinnick 5e99a3d41b Adjust d7853c5 to not show ignorable warnings when running tests. 2012-09-08 20:28:31 -04:00
Carl Meyer 67dceeef44 Remove a couple unused imports. 2012-09-08 14:30:11 -06:00
Claude Paroz d7853c55ed Removed warning check in test_load_overlong_key
Some backends issue a warning here, others not. This is not the primary
goal of the test, so the assertion about the warning has been removed.
Thanks Carl Meyer for noticing the issue and suggesting the fix.
2012-09-08 21:31:46 +02:00
Claude Paroz ebc773ada3 Replaced many smart_bytes by force_bytes
In all those occurrences, we didn't care about preserving the
lazy status of the strings, but we really wanted to obtain a
real bytestring.
2012-08-29 11:20:32 +02:00
Florian Apolloner 518af78e21 Removed unneeded smart_bytes import which was introduced in f2fff84bc. 2012-08-15 17:33:21 +02:00
Florian Apolloner f2fff84bc3 [py3] fixed session file backend. 2012-08-15 14:20:44 +02:00
Claude Paroz e0d67f3440 [py3] Fixed test_client_regress tests 2012-08-15 10:58:26 +02:00
Aymeric Augustin 212a512984 [py3] Avoided the deprecated base64 interface.
This fixes a deprecation warning under Python 3.
2012-08-14 23:45:12 +02:00
Claude Paroz 8a1f439d3a [py3] Fix encoding issues in contrib.sessions 2012-08-12 22:49:10 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Aymeric Augustin ee191715ea [py3] Fixed access to dict keys/values/items. 2012-08-07 12:00:22 +02:00
Aymeric Augustin a84d79f572 [py3] Added Python 3 compatibility for xrange. 2012-07-22 09:29:56 +02:00
Aymeric Augustin ca07fda2ef [py3] Switched to Python 3-compatible imports.
xrange/range will be dealt with in a separate commit due to the huge
number of changes.
2012-07-22 09:29:56 +02:00
Anssi Kääriäinen aeda55e6bf Fixed #3881 -- skip saving session when response status is 500
Saving session data is somewhat likely to lead into error when the
status code is 500. It is guaranteed to lead into error if the reason
for the 500 code is query error on PostgreSQL.
2012-07-16 20:57:55 +03:00
Claude Paroz 865cd35c9b Made more extensive usage of context managers with open. 2012-05-05 14:06:36 +02:00
Claude Paroz 11a5355517 Inserted more simplefilter calls to be sure warnings are emitted.
Thanks to Florian Apolloner for suggesting the patch.
2012-05-03 21:31:23 +02:00
Claude Paroz 00c0d3c44e Made warning assertions work with or without -Wall python switch 2012-05-03 20:18:05 +02:00
Claude Paroz 10cf3c6427 Used catch_warnings instead of save/restore methods. Refs #17049. 2012-05-03 18:30:07 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Claude Paroz 23d3459761 Fixed #17965 -- Definitely dropped support for Python 2.5. Thanks jonash for the initial patch and Aymeric Augustin for the review.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17834 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-31 08:24:29 +00:00
Aymeric Augustin eb163f37cb Use the class decorator syntax available in Python >= 2.6. Refs #17965.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17829 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-30 09:08:29 +00:00
Claude Paroz 9383a2761c Removed with_statement imports, useless in Python >= 2.6. Refs #17965. Thanks jonash for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17828 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-30 08:02:08 +00:00
Aymeric Augustin f356a2e52f Fixed #17810 (again). Catch session key errors.
The previous commit didn't work with PyLibMC.
This solution appears to be the best compromise
at this point in the 1.4 release cycle.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17797 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-23 16:14:46 +00:00
Jannis Leidel 46871eb1bb Fixed an incompatibility with Python 2.5 in the changes done in r17795. Refs #17810.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17796 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-23 09:32:11 +00:00
Paul McMillan 2ca9801956 Fixed #17810. Catch session key errors.
Catches memcached session key errors related to overly long session keys.
This is a long-standing bug, but severity was exacerbated by the addition
of cookie-backed session storage, which generates long session values. If
an installation switched from cookie-backed session store to memcached,
users would not be able to log in because of the server error from overly
long memcached keys.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@17795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-23 05:31:11 +00:00