magic-removal: Added django.contrib.sessions in preparation for moving it out of django.models.core.

git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@1836 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-01-06 21:04:07 +00:00 · 2006-01-06 21:04:07 +00:00 · 170c4261fb
parent bb8fb814a6
commit 170c4261fb
2 changed files with 63 additions and 0 deletions
--- a/django/contrib/sessions/init.py
+++ b/django/contrib/sessions/init.py
--- a/django/contrib/sessions/models.py
+++ b/django/contrib/sessions/models.py
@ -0,0 +1,63 @@
 import base64, md5, random, sys
 import cPickle as pickle
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 class SessionManager(models.Manager):
    def encode(self, session_dict):
        "Returns the given session dictionary pickled and encoded as a string."
        from django.conf.settings import SECRET_KEY
        pickled = pickle.dumps(session_dict)
        pickled_md5 = md5.new(pickled + SECRET_KEY).hexdigest()
        return base64.encodestring(pickled + pickled_md5)
    def get_new_session_key(self):
        "Returns session key that isn't being used."
        from django.conf.settings import SECRET_KEY
        # The random module is seeded when this Apache child is created.
        # Use person_id and SECRET_KEY as added salt.
        while 1:
            session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + SECRET_KEY).hexdigest()
            try:
                self.get_object(session_key__exact=session_key)
            except self.klass.DoesNotExist:
                break
        return session_key
    def save(self, session_key, session_dict, expire_date):
        s = self.klass(session_key, self.encode(session_dict), expire_date)
        if session_dict:
            s.save()
        else:
            s.delete() # Clear sessions with no data.
        return s
 class Session(models.Model):
    session_key = models.CharField(_('session key'), maxlength=40, primary_key=True)
    session_data = models.TextField(_('session data'))
    expire_date = models.DateTimeField(_('expire date'))
    objects = SessionManager()
    class Meta:
        verbose_name = _('session')
        verbose_name_plural = _('sessions')
        module_constants = {
            'base64': base64,
            'md5': md5,
            'pickle': pickle,
            'random': random,
            'sys': sys,
        }
    def get_decoded(self):
        from django.conf.settings import SECRET_KEY
        encoded_data = base64.decodestring(self.session_data)
        pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
        if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check:
            from django.core.exceptions import SuspiciousOperation
            raise SuspiciousOperation, "User tampered with session cookie."
        try:
            return pickle.loads(pickled)
        # Unpickling can cause a variety of exceptions. If something happens,
        # just return an empty dictionary (an empty session).
        except:
            return {}