Fixed a subtle corner case whereby sending a bad session ID generates new (unused) session entries in the database table.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-01-06 12:53:09 +00:00 · 2008-01-06 12:53:09 +00:00 · 041e24dbde
parent 70fe1ef262
commit 041e24dbde
2 changed files with 20 additions and 16 deletions
--- a/django/contrib/sessions/backends/db.py
+++ b/django/contrib/sessions/backends/db.py
@ -26,6 +26,8 @@ class SessionStore(SessionBase):

            # Save immediately to minimize collision
            self.save()
+            # Ensure the user is notified via a new cookie.
+            self.modified = True
            return {}

    def exists(self, session_key):
--- a/django/contrib/sessions/backends/file.py
+++ b/django/contrib/sessions/backends/file.py
@ -46,6 +46,8 @@ class SessionStore(SessionBase):
                    self._session_key = self._get_new_session_key()
                    self._session_cache = {}
                    self.save()
+                    # Ensure the user is notified via a new cookie.
+                    self.modified = True
            finally:
                session_file.close()
        except(IOError):