mirror of https://github.com/django/django.git
This also removes the implicit initialization of the session key on the first access in favor of explicit initialization. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17155 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Aymeric Augustin
parent
fb7ab7730d
commit
bda21e2b9d
|
|
@ -54,12 +54,6 @@ class SessionBase(object):
|
||||||
del self._session[key]
|
del self._session[key]
|
||||||
self.modified = True
|
self.modified = True
|
||||||
|
|
||||||
def keys(self):
|
|
||||||
return self._session.keys()
|
|
||||||
|
|
||||||
def items(self):
|
|
||||||
return self._session.items()
|
|
||||||
|
|
||||||
def get(self, key, default=None):
|
def get(self, key, default=None):
|
||||||
return self._session.get(key, default)
|
return self._session.get(key, default)
|
||||||
|
|
||||||
|
|
@ -116,9 +110,15 @@ class SessionBase(object):
|
||||||
def has_key(self, key):
|
def has_key(self, key):
|
||||||
return key in self._session
|
return key in self._session
|
||||||
|
|
||||||
|
def keys(self):
|
||||||
|
return self._session.keys()
|
||||||
|
|
||||||
def values(self):
|
def values(self):
|
||||||
return self._session.values()
|
return self._session.values()
|
||||||
|
|
||||||
|
def items(self):
|
||||||
|
return self._session.items()
|
||||||
|
|
||||||
def iterkeys(self):
|
def iterkeys(self):
|
||||||
return self._session.iterkeys()
|
return self._session.iterkeys()
|
||||||
|
|
||||||
|
|
@ -145,7 +145,7 @@ class SessionBase(object):
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
# No getpid() in Jython, for example
|
# No getpid() in Jython, for example
|
||||||
pid = 1
|
pid = 1
|
||||||
while 1:
|
while True:
|
||||||
session_key = hashlib.md5("%s%s%s%s"
|
session_key = hashlib.md5("%s%s%s%s"
|
||||||
% (randrange(0, MAX_SESSION_KEY), pid, time.time(),
|
% (randrange(0, MAX_SESSION_KEY), pid, time.time(),
|
||||||
settings.SECRET_KEY)).hexdigest()
|
settings.SECRET_KEY)).hexdigest()
|
||||||
|
|
@ -153,17 +153,15 @@ class SessionBase(object):
|
||||||
break
|
break
|
||||||
return session_key
|
return session_key
|
||||||
|
|
||||||
def _get_session_key(self):
|
def _get_or_create_session_key(self):
|
||||||
if self._session_key:
|
if self._session_key is None:
|
||||||
return self._session_key
|
|
||||||
else:
|
|
||||||
self._session_key = self._get_new_session_key()
|
self._session_key = self._get_new_session_key()
|
||||||
return self._session_key
|
return self._session_key
|
||||||
|
|
||||||
def _set_session_key(self, session_key):
|
def _get_session_key(self):
|
||||||
self._session_key = session_key
|
return self._session_key
|
||||||
|
|
||||||
session_key = property(_get_session_key, _set_session_key)
|
session_key = property(_get_session_key)
|
||||||
|
|
||||||
def _get_session(self, no_load=False):
|
def _get_session(self, no_load=False):
|
||||||
"""
|
"""
|
||||||
|
|
@ -174,7 +172,7 @@ class SessionBase(object):
|
||||||
try:
|
try:
|
||||||
return self._session_cache
|
return self._session_cache
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
if self._session_key is None or no_load:
|
if self.session_key is None or no_load:
|
||||||
self._session_cache = {}
|
self._session_cache = {}
|
||||||
else:
|
else:
|
||||||
self._session_cache = self.load()
|
self._session_cache = self.load()
|
||||||
|
|
|
||||||
|
|
@ -11,8 +11,12 @@ class SessionStore(SessionBase):
|
||||||
self._cache = cache
|
self._cache = cache
|
||||||
super(SessionStore, self).__init__(session_key)
|
super(SessionStore, self).__init__(session_key)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def cache_key(self):
|
||||||
|
return KEY_PREFIX + self._get_or_create_session_key()
|
||||||
|
|
||||||
def load(self):
|
def load(self):
|
||||||
session_data = self._cache.get(KEY_PREFIX + self.session_key)
|
session_data = self._cache.get(self.cache_key)
|
||||||
if session_data is not None:
|
if session_data is not None:
|
||||||
return session_data
|
return session_data
|
||||||
self.create()
|
self.create()
|
||||||
|
|
@ -25,7 +29,7 @@ class SessionStore(SessionBase):
|
||||||
# and then raise an exception. That's the risk you shoulder if using
|
# and then raise an exception. That's the risk you shoulder if using
|
||||||
# cache backing.
|
# cache backing.
|
||||||
for i in xrange(10000):
|
for i in xrange(10000):
|
||||||
self.session_key = self._get_new_session_key()
|
self._session_key = self._get_new_session_key()
|
||||||
try:
|
try:
|
||||||
self.save(must_create=True)
|
self.save(must_create=True)
|
||||||
except CreateError:
|
except CreateError:
|
||||||
|
|
@ -39,7 +43,8 @@ class SessionStore(SessionBase):
|
||||||
func = self._cache.add
|
func = self._cache.add
|
||||||
else:
|
else:
|
||||||
func = self._cache.set
|
func = self._cache.set
|
||||||
result = func(KEY_PREFIX + self.session_key, self._get_session(no_load=must_create),
|
result = func(self.cache_key,
|
||||||
|
self._get_session(no_load=must_create),
|
||||||
self.get_expiry_age())
|
self.get_expiry_age())
|
||||||
if must_create and not result:
|
if must_create and not result:
|
||||||
raise CreateError
|
raise CreateError
|
||||||
|
|
@ -49,8 +54,7 @@ class SessionStore(SessionBase):
|
||||||
|
|
||||||
def delete(self, session_key=None):
|
def delete(self, session_key=None):
|
||||||
if session_key is None:
|
if session_key is None:
|
||||||
if self._session_key is None:
|
if self.session_key is None:
|
||||||
return
|
return
|
||||||
session_key = self._session_key
|
session_key = self.session_key
|
||||||
self._cache.delete(KEY_PREFIX + session_key)
|
self._cache.delete(KEY_PREFIX + session_key)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,12 +16,15 @@ class SessionStore(DBStore):
|
||||||
def __init__(self, session_key=None):
|
def __init__(self, session_key=None):
|
||||||
super(SessionStore, self).__init__(session_key)
|
super(SessionStore, self).__init__(session_key)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def cache_key(self):
|
||||||
|
return KEY_PREFIX + self._get_or_create_session_key()
|
||||||
|
|
||||||
def load(self):
|
def load(self):
|
||||||
data = cache.get(KEY_PREFIX + self.session_key, None)
|
data = cache.get(self.cache_key, None)
|
||||||
if data is None:
|
if data is None:
|
||||||
data = super(SessionStore, self).load()
|
data = super(SessionStore, self).load()
|
||||||
cache.set(KEY_PREFIX + self.session_key, data,
|
cache.set(self.cache_key, data, settings.SESSION_COOKIE_AGE)
|
||||||
settings.SESSION_COOKIE_AGE)
|
|
||||||
return data
|
return data
|
||||||
|
|
||||||
def exists(self, session_key):
|
def exists(self, session_key):
|
||||||
|
|
@ -29,12 +32,15 @@ class SessionStore(DBStore):
|
||||||
|
|
||||||
def save(self, must_create=False):
|
def save(self, must_create=False):
|
||||||
super(SessionStore, self).save(must_create)
|
super(SessionStore, self).save(must_create)
|
||||||
cache.set(KEY_PREFIX + self.session_key, self._session,
|
cache.set(self.cache_key, self._session, settings.SESSION_COOKIE_AGE)
|
||||||
settings.SESSION_COOKIE_AGE)
|
|
||||||
|
|
||||||
def delete(self, session_key=None):
|
def delete(self, session_key=None):
|
||||||
super(SessionStore, self).delete(session_key)
|
super(SessionStore, self).delete(session_key)
|
||||||
cache.delete(KEY_PREFIX + (session_key or self.session_key))
|
if session_key is None:
|
||||||
|
if self.session_key is None:
|
||||||
|
return
|
||||||
|
session_key = self.session_key
|
||||||
|
cache.delete(KEY_PREFIX + session_key)
|
||||||
|
|
||||||
def flush(self):
|
def flush(self):
|
||||||
"""
|
"""
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,7 @@ class SessionStore(SessionBase):
|
||||||
|
|
||||||
def create(self):
|
def create(self):
|
||||||
while True:
|
while True:
|
||||||
self.session_key = self._get_new_session_key()
|
self._session_key = self._get_new_session_key()
|
||||||
try:
|
try:
|
||||||
# Save immediately to ensure we have a unique entry in the
|
# Save immediately to ensure we have a unique entry in the
|
||||||
# database.
|
# database.
|
||||||
|
|
@ -52,9 +52,9 @@ class SessionStore(SessionBase):
|
||||||
entry).
|
entry).
|
||||||
"""
|
"""
|
||||||
obj = Session(
|
obj = Session(
|
||||||
session_key = self.session_key,
|
session_key=self._get_or_create_session_key(),
|
||||||
session_data = self.encode(self._get_session(no_load=must_create)),
|
session_data=self.encode(self._get_session(no_load=must_create)),
|
||||||
expire_date = self.get_expiry_date()
|
expire_date=self.get_expiry_date()
|
||||||
)
|
)
|
||||||
using = router.db_for_write(Session, instance=obj)
|
using = router.db_for_write(Session, instance=obj)
|
||||||
sid = transaction.savepoint(using=using)
|
sid = transaction.savepoint(using=using)
|
||||||
|
|
@ -68,9 +68,9 @@ class SessionStore(SessionBase):
|
||||||
|
|
||||||
def delete(self, session_key=None):
|
def delete(self, session_key=None):
|
||||||
if session_key is None:
|
if session_key is None:
|
||||||
if self._session_key is None:
|
if self.session_key is None:
|
||||||
return
|
return
|
||||||
session_key = self._session_key
|
session_key = self.session_key
|
||||||
try:
|
try:
|
||||||
Session.objects.get(session_key=session_key).delete()
|
Session.objects.get(session_key=session_key).delete()
|
||||||
except Session.DoesNotExist:
|
except Session.DoesNotExist:
|
||||||
|
|
|
||||||
|
|
@ -33,7 +33,7 @@ class SessionStore(SessionBase):
|
||||||
Get the file associated with this session key.
|
Get the file associated with this session key.
|
||||||
"""
|
"""
|
||||||
if session_key is None:
|
if session_key is None:
|
||||||
session_key = self.session_key
|
session_key = self._get_or_create_session_key()
|
||||||
|
|
||||||
# Make sure we're not vulnerable to directory traversal. Session keys
|
# Make sure we're not vulnerable to directory traversal. Session keys
|
||||||
# should always be md5s, so they should never contain directory
|
# should always be md5s, so they should never contain directory
|
||||||
|
|
@ -135,9 +135,9 @@ class SessionStore(SessionBase):
|
||||||
|
|
||||||
def delete(self, session_key=None):
|
def delete(self, session_key=None):
|
||||||
if session_key is None:
|
if session_key is None:
|
||||||
if self._session_key is None:
|
if self.session_key is None:
|
||||||
return
|
return
|
||||||
session_key = self._session_key
|
session_key = self.session_key
|
||||||
try:
|
try:
|
||||||
os.unlink(self._key_to_file(session_key))
|
os.unlink(self._key_to_file(session_key))
|
||||||
except OSError:
|
except OSError:
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@ class SessionStore(SessionBase):
|
||||||
raises BadSignature if signature fails.
|
raises BadSignature if signature fails.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
return signing.loads(self._session_key,
|
return signing.loads(self.session_key,
|
||||||
serializer=PickleSerializer,
|
serializer=PickleSerializer,
|
||||||
max_age=settings.SESSION_COOKIE_AGE,
|
max_age=settings.SESSION_COOKIE_AGE,
|
||||||
salt='django.contrib.sessions.backends.signed_cookies')
|
salt='django.contrib.sessions.backends.signed_cookies')
|
||||||
|
|
|
||||||
|
|
@ -136,6 +136,7 @@ class SessionTestsMixin(object):
|
||||||
self.assertTrue(self.session.exists(self.session.session_key))
|
self.assertTrue(self.session.exists(self.session.session_key))
|
||||||
|
|
||||||
def test_delete(self):
|
def test_delete(self):
|
||||||
|
self.session.save()
|
||||||
self.session.delete(self.session.session_key)
|
self.session.delete(self.session.session_key)
|
||||||
self.assertFalse(self.session.exists(self.session.session_key))
|
self.assertFalse(self.session.exists(self.session.session_key))
|
||||||
|
|
||||||
|
|
@ -175,6 +176,11 @@ class SessionTestsMixin(object):
|
||||||
# session key; make sure that entry is manually deleted
|
# session key; make sure that entry is manually deleted
|
||||||
session.delete('1')
|
session.delete('1')
|
||||||
|
|
||||||
|
def test_session_key_is_read_only(self):
|
||||||
|
def set_session_key(session):
|
||||||
|
session.session_key = session._get_new_session_key()
|
||||||
|
self.assertRaises(AttributeError, set_session_key, self.session)
|
||||||
|
|
||||||
# Custom session expiry
|
# Custom session expiry
|
||||||
def test_default_expiry(self):
|
def test_default_expiry(self):
|
||||||
# A normal session has a max age equal to settings
|
# A normal session has a max age equal to settings
|
||||||
|
|
@ -375,7 +381,7 @@ class SessionMiddlewareTests(unittest.TestCase):
|
||||||
|
|
||||||
# Handle the response through the middleware
|
# Handle the response through the middleware
|
||||||
response = middleware.process_response(request, response)
|
response = middleware.process_response(request, response)
|
||||||
#if it isn't in the cookie, that's fine (Python 2.5).
|
# If it isn't in the cookie, that's fine (Python 2.5)
|
||||||
if 'httponly' in settings.SESSION_COOKIE_NAME:
|
if 'httponly' in settings.SESSION_COOKIE_NAME:
|
||||||
self.assertFalse(
|
self.assertFalse(
|
||||||
response.cookies[settings.SESSION_COOKIE_NAME]['httponly'])
|
response.cookies[settings.SESSION_COOKIE_NAME]['httponly'])
|
||||||
|
|
|
||||||
|
|
@ -14,13 +14,13 @@ class SessionStore(SessionBase):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def create(self):
|
def create(self):
|
||||||
self.session_key = self.encode({})
|
self._session_key = self.encode({})
|
||||||
|
|
||||||
def save(self, must_create=False):
|
def save(self, must_create=False):
|
||||||
self.session_key = self.encode(self._session)
|
self._session_key = self.encode(self._session)
|
||||||
|
|
||||||
def delete(self, session_key=None):
|
def delete(self, session_key=None):
|
||||||
self.session_key = self.encode({})
|
self._session_key = self.encode({})
|
||||||
|
|
||||||
def load(self):
|
def load(self):
|
||||||
try:
|
try:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue