diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py
index 2e744e403a..fcf4e1504a 100644
--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@@ -1,4 +1,4 @@
-from django.conf.settings import SESSION_COOKIE_NAME, SESSION_COOKIE_AGE, SESSION_COOKIE_DOMAIN, SESSION_SAVE_EVERY_REQUEST
+from django.conf import settings
 from django.contrib.sessions.models import Session
 from django.utils.cache import patch_vary_headers
 import datetime
@@ -60,7 +60,7 @@ class SessionWrapper(object):
 class SessionMiddleware:
 def process_request(self, request):
- request.session = SessionWrapper(request.COOKIES.get(SESSION_COOKIE_NAME, None))
+ request.session = SessionWrapper(request.COOKIES.get(settings.SESSION_COOKIE_NAME, None))
 def process_response(self, request, response):
 # If request.session was modified, or if response.session was set, save
@@ -71,11 +71,11 @@ class SessionMiddleware:
 except AttributeError:
 pass
 else:
- if modified or SESSION_SAVE_EVERY_REQUEST:
+ if modified or settings.SESSION_SAVE_EVERY_REQUEST:
 session_key = request.session.session_key or Session.objects.get_new_session_key()
 new_session = Session.objects.save(session_key, request.session._session,
- datetime.datetime.now() + datetime.timedelta(seconds=SESSION_COOKIE_AGE))
- expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
- response.set_cookie(SESSION_COOKIE_NAME, session_key,
- max_age=SESSION_COOKIE_AGE, expires=expires, domain=SESSION_COOKIE_DOMAIN)
+ datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
+ expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
+ response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
+ max_age=settings.SESSION_COOKIE_AGE, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
 return response
diff --git a/django/contrib/sessions/models.py b/django/contrib/sessions/models.py
index 4398071339..f5abde73b1 100644
--- a/django/contrib/sessions/models.py
+++ b/django/contrib/sessions/models.py
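Review bot: The `response.set_cookie(...)` call on the new side passes the name, value, `max_age`, `expires` and `domain`, but nothing that restricts the session cookie to HTTPS, so on a site reachable over both schemes the session key is also sent in cleartext. Whether `set_cookie` and the settings module in this tree already offer a `secure` option is not visible from the hunk; if they do, forward it here, e.g. `secure=settings.SESSION_COOKIE_SECURE or None`, and otherwise record the gap in a comment above the call. `process_response` starts above this hunk, so the code before `except AttributeError:` is not visible here.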
@@ -2,22 +2,21 @@ import base64, md5, random, sys
 import cPickle as pickle
 from django.db import models
 from django.utils.translation import gettext_lazy as _
+from django.conf import settings
 class SessionManager(models.Manager):
 def encode(self, session_dict):
 "Returns the given session dictionary pickled and encoded as a string."
- from django.conf.settings import SECRET_KEY
 pickled = pickle.dumps(session_dict)
- pickled_md5 = md5.new(pickled + SECRET_KEY).hexdigest()
+ pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest()
 return base64.encodestring(pickled + pickled_md5)
 def get_new_session_key(self):
 "Returns session key that isn't being used."
- from django.conf.settings import SECRET_KEY
 # The random module is seeded when this Apache child is created.
 # Use person_id and SECRET_KEY as added salt.
 while 1:
- session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + SECRET_KEY).hexdigest()
+ session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + settings.SECRET_KEY).hexdigest()
 try:
 self.get_object(session_key__exact=session_key)
 except self.klass.DoesNotExist:
@@ -50,10 +49,9 @@ class Session(models.Model):
 }
 def get_decoded(self):
- from django.conf.settings import SECRET_KEY
 encoded_data = base64.decodestring(self.session_data)
 pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
- if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check:
+ if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
 from django.core.exceptions import SuspiciousOperation
 raise SuspiciousOperation, "User tampered with session cookie."
 try:
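Review bot: `get_new_session_key` still derives the session key from two `random.randint` calls, and the comment above them says the generator is seeded once per Apache child. Python's `random` module is a general-purpose PRNG, not one meant for values a client must be unable to guess, so the key's unpredictability rests largely on `SECRET_KEY`. Taking the entropy from the OS source keeps the rest of the line as it is: `session_key = md5.new(str(random.SystemRandom().getrandbits(128)) + settings.SECRET_KEY).hexdigest()`, assuming the minimum supported Python provides `random.SystemRandom`. The comment also names `person_id`, which the expression does not use, and the `while 1:` loop continues past the end of the hunk.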
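Review bot: The tamper check in `get_decoded`, `md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check`, and the matching `pickled_md5` line in `encode` in the previous hunk compute the integrity tag as a plain MD5 over data plus secret, not as a keyed MAC. It is the only check visible before the `try:` that follows, which presumably unpickles `pickled` (the file imports `cPickle`; that body is outside the hunk), so the tag's strength decides what stored data can reach the unpickler. Consider `hmac.new(settings.SECRET_KEY, pickled, md5).hexdigest()` in both places, with `import hmac` added at the top of the file. That changes the stored format, so rows written by the old `encode` would fail the check until they are rewritten or expire, which the commit message should state.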