p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

magic-removal: changed explicit settings import to qualified settings import in django.contrib.sessions 

git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@1997 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Georg Bauer 2006-01-16 15:07:24 +00:00
parent abeb5681b4
commit 596ee7e14b
2 changed files with 11 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
django/contrib/sessions/middleware.py
View File

@ -1,4 +1,4 @@
from django.conf.settings import SESSION_COOKIE_NAME, SESSION_COOKIE_AGE, SESSION_COOKIE_DOMAIN, SESSION_SAVE_EVERY_REQUEST from django.conf import settings
from django.contrib.sessions.models import Session from django.contrib.sessions.models import Session
from django.utils.cache import patch_vary_headers from django.utils.cache import patch_vary_headers
import datetime import datetime
@ -60,7 +60,7 @@ class SessionWrapper(object):
class SessionMiddleware: class SessionMiddleware:
def process_request(self, request): def process_request(self, request):
request.session = SessionWrapper(request.COOKIES.get(SESSION_COOKIE_NAME, None)) request.session = SessionWrapper(request.COOKIES.get(settings.SESSION_COOKIE_NAME, None))
def process_response(self, request, response): def process_response(self, request, response):
# If request.session was modified, or if response.session was set, save # If request.session was modified, or if response.session was set, save
@ -71,11 +71,11 @@ class SessionMiddleware:
except AttributeError: except AttributeError:
pass pass
else: else:
if modified or SESSION_SAVE_EVERY_REQUEST: if modified or settings.SESSION_SAVE_EVERY_REQUEST:
session_key = request.session.session_key or Session.objects.get_new_session_key() session_key = request.session.session_key or Session.objects.get_new_session_key()
new_session = Session.objects.save(session_key, request.session._session, new_session = Session.objects.save(session_key, request.session._session,
datetime.datetime.now() + datetime.timedelta(seconds=SESSION_COOKIE_AGE)) datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT") expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
response.set_cookie(SESSION_COOKIE_NAME, session_key, response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
max_age=SESSION_COOKIE_AGE, expires=expires, domain=SESSION_COOKIE_DOMAIN) max_age=settings.SESSION_COOKIE_AGE, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
return response return response

10
django/contrib/sessions/models.py
View File

@ -2,22 +2,21 @@ import base64, md5, random, sys
import cPickle as pickle import cPickle as pickle
from django.db import models from django.db import models
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from django.conf import settings
class SessionManager(models.Manager): class SessionManager(models.Manager):
def encode(self, session_dict): def encode(self, session_dict):
"Returns the given session dictionary pickled and encoded as a string." "Returns the given session dictionary pickled and encoded as a string."
from django.conf.settings import SECRET_KEY
pickled = pickle.dumps(session_dict) pickled = pickle.dumps(session_dict)
pickled_md5 = md5.new(pickled + SECRET_KEY).hexdigest() pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest()
return base64.encodestring(pickled + pickled_md5) return base64.encodestring(pickled + pickled_md5)
def get_new_session_key(self): def get_new_session_key(self):
"Returns session key that isn't being used." "Returns session key that isn't being used."
from django.conf.settings import SECRET_KEY
# The random module is seeded when this Apache child is created. # The random module is seeded when this Apache child is created.
# Use person_id and SECRET_KEY as added salt. # Use person_id and SECRET_KEY as added salt.
while 1: while 1:
session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + SECRET_KEY).hexdigest() session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + settings.SECRET_KEY).hexdigest()
try: try:
self.get_object(session_key__exact=session_key) self.get_object(session_key__exact=session_key)
except self.klass.DoesNotExist: except self.klass.DoesNotExist:
@ -50,10 +49,9 @@ class Session(models.Model):
} }
def get_decoded(self): def get_decoded(self):
from django.conf.settings import SECRET_KEY
encoded_data = base64.decodestring(self.session_data) encoded_data = base64.decodestring(self.session_data)
pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check: if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
from django.core.exceptions import SuspiciousOperation from django.core.exceptions import SuspiciousOperation
raise SuspiciousOperation, "User tampered with session cookie." raise SuspiciousOperation, "User tampered with session cookie."
try: try: