Commit Graph

53 Commits

Author SHA1 Message Date
Tim Graham 44469af34b [1.6.x] Fixed typo in topics/http/sessions.txt.
Backport of 9348fc5628 from master
2013-11-18 19:11:33 -05:00
Tim Graham 5bb975a139 [1.6.x] Added a warning regarding session security and subdomains.
Backport of a3372f67cb from master
2013-10-18 09:44:29 -04:00
Tim Graham 9b89fcc0b0 [1.6.x] Clarified session replay attack differences with cookie backend.
Backport of 00a0d3de02 from master
2013-10-02 10:15:36 -04:00
Markus Amalthea Magnuson 9888bb28ee [1.6.x] Added missing "in" in sentence.
Backport of 2c5c422d34 from master
2013-09-19 13:29:48 -04:00
Tim Graham c0fb6bdde3 [1.6.x] Fixed #21002 -- Documented JSON session serialization requires string keys
Thanks jeroen.pulles at redslider.net for the report.

Backport of 3baf1d1042 from master
2013-09-03 07:49:59 -04:00
Tim Graham 5f061986b9 [1.6.x] Fixed #20922 -- Allowed customizing the serializer used by contrib.sessions
Added settings.SESSION_SERIALIZER which is the import path of a serializer
to use for sessions.

Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.

Backport of b0ce6fe656 from master
2013-08-22 17:55:01 -04:00
Aymeric Augustin 753edfa4b5 Fixed a rest mistake I introduced in d5ce2ff. 2013-05-19 12:14:44 +02:00
Marc Tamlyn d9c01da1f8 Improve cookie based session backend docs.
Note the don't require sessions to be in installed apps.
2013-05-19 11:24:35 +02:00
Erik Romijn d5ce2ff5e4 Fixed #20444 -- Cookie-based sessions does not include a remote code execution-warning 2013-05-18 16:53:13 +02:00
Juan Catalano 78c842a323 Adapted uses of versionchanged/versionadded to the new form.
Refs #20104.
2013-04-20 17:18:35 +02:00
Baptiste Mispelon 2c27300f34 Fix #20195: wrong reference in session settings documentation. 2013-04-04 18:12:12 +02:00
Tim Graham fe5d9fe5fe Fixed #19962 - Added a note about SESSION_EXPIRE_AT_BROWSER_CLOSE and browsers that persist sessions.
Thanks David Sanders.
2013-03-02 10:11:23 -05:00
Tim Graham ba50d3e05b Fixed #14633 - Organized settings reference docs and added a topical index.
Thanks Gabriel Hurley for the original idea
and adamv for the draft patch.
2013-01-12 18:44:53 -05:00
Aymeric Augustin 7ee7599ab3 Removed versionadded/changed annotations dating back to 1.4. 2012-12-29 21:59:08 +01:00
Tim Graham 067505ad19 Fixed broken links, round 4. refs #19516 2012-12-29 15:54:33 -05:00
Aymeric Augustin 146ed13a11 Fixed #17083 -- Allowed sessions to use non-default cache. 2012-10-31 09:46:16 +01:00
Aymeric Augustin 5fec97b9df Fixed #18194 -- Expiration of file-based sessions
* Prevented stale session files from being loaded
* Added removal of stale session files in django-admin.py clearsessions

Thanks ej for the report, crodjer and Elvard for their inputs.
2012-10-28 09:19:38 +01:00
Aymeric Augustin cd17a24083 Added optional kwargs to get_expiry_age/date.
This change allows for cleaner tests: we can test the exact output.

Refs #18194: this change makes it possible to compute session expiry
dates at times other than when the session is saved.

Fixed #18458: the existence of the `modification` kwarg implies that you
must pass it to get_expiry_age/date if you call these functions outside
of a short request - response cycle (the intended use case).
2012-10-27 23:15:45 +02:00
Aymeric Augustin 83ba0a9d4b Fixed #18978 -- Moved cleanup command to sessions.
This removes a dependency of 'core' on 'contrib'.
2012-10-27 18:31:00 +02:00
Preston Holmes 31dcaf49a0 Fixed an error in cookie documentation 2012-10-17 14:53:21 -07:00
Anssi Kääriäinen aeda55e6bf Fixed #3881 -- skip saving session when response status is 500
Saving session data is somewhat likely to lead into error when the
status code is 500. It is guaranteed to lead into error if the reason
for the 500 code is query error on PostgreSQL.
2012-07-16 20:57:55 +03:00
Claude Paroz 8a5d1a6b93 Updated obsolete links in the documentation 2012-06-28 10:49:07 +02:00
Aymeric Augustin 17f3e9258e Fixed #18397 -- Avoided referencing lawrence.com.
This commit includes multiple small related changes, see the ticket
for a full discussion.
2012-06-07 11:50:20 +02:00
Aymeric Augustin 5116c51b40 Clarified that Django randomizes session keys. Refs #11555, #13478, #18128.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17911 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-04-15 16:34:13 +00:00
Paul McMillan 4d975b4f88 Fixed #16847. Session Cookies now default to httponly = True.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17135 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-21 22:03:03 +00:00
Jannis Leidel c20d33201c Fixed #17223 -- Correctly reference the signed cookies session backend. Thanks, Bryan Veloso.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17101 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-17 21:16:42 +00:00
Luke Plant 4209ff1fcd Fixed typo in my last commit.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17005 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-17 15:52:01 +00:00
Luke Plant 6205a348f0 Added warning about replay attacks when using the cookies backend for sessions.
The paragraph about encryption was reworded for clarity.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17004 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-17 15:43:24 +00:00
Luke Plant d1e5c55258 Fixed many more ReST indentation errors, somehow accidentally missed from [16955]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16983 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-10-14 00:12:01 +00:00
Ramiro Morales 932b1b8d6d Converted links to external topics so they use intersphinx extension markup.
This allows to make these links more resilent to changes in the target URLs.
Thanks Jannis for the report and Aymeric Augustin for the patch.

Fixes #16586.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16720 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-04 21:17:30 +00:00
Timo Graham 2ac0b97d43 Fixed #16595 - Add pop() to session docs; thanks wilfred.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-08-20 19:22:34 +00:00
Jannis Leidel c817f2f544 Fixed #16199 -- Added a Cookie based session backend. Many thanks to Eric Florenzano for his initial work and Florian Apollaner for reviewing.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16466 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26 17:00:24 +00:00
Jannis Leidel 49f57a5d28 Fixed #15992 -- Added more references to settings. Thanks, aaugustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16290 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-29 17:41:04 +00:00
Chris Beaven 26156794f1 Tidy up the sessions documentation creating links for session methods and crosslinking settings
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16245 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-20 00:51:25 +00:00
Timo Graham 2ea93f9327 Fixed #14000 - remove versionadded/changed tags for Django 1.0 and 1.1
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15055 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-26 00:37:14 +00:00
Timo Graham 00c554f89e Fixed #13020 - add clarifying note to SessionStore. thanks elbarto for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15053 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-25 20:46:15 +00:00
Russell Keith-Magee 78be884ea7 Fixed #3304 -- Added support for HTTPOnly cookies. Thanks to arvin for the suggestion, and rodolfo for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-26 13:30:50 +00:00
Jacob Kaplan-Moss 728effcfbd Fixed #14141: docs now use the :doc: construct for links between documents.
Thanks, Ramiro Morales.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13608 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-19 19:27:44 +00:00
Russell Keith-Magee 3057a59ec4 Fixed #11933 -- Corrected the naming of the cached_db session backend. Thanks to mb0@mb0.org for the report and Gabriel Hurley for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13169 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-09 06:44:12 +00:00
Russell Keith-Magee 2b05231310 Fixed #8357 -- Clarified what constitutes activity when calculating session expiry. Thanks to timo for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13113 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-06 01:35:02 +00:00
Russell Keith-Magee 962defed0a Fixed #13200 -- Updated the DB session backend to make full use of routers, deprecating the need for the SESSION_DB_ALIAS setting. Thanks to rokclimb15 for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12844 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-25 10:29:06 +00:00
Russell Keith-Magee 6237768b51 Fixed #11933 -- Added versionchanged marker for the cache_db session backend. Thanks to gabrielhurley for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12569 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-24 14:49:38 +00:00
Russell Keith-Magee ff60c5f9de Fixed #1142 -- Added multiple database support.
This monster of a patch is the result of Alex Gaynor's 2009 Google Summer of Code project.
Congratulations to Alex for a job well done.

Big thanks also go to:
 * Justin Bronn for keeping GIS in line with the changes,
 * Karen Tracey and Jani Tiainen for their help testing Oracle support
 * Brett Hoerner, Jon Loyens, and Craig Kimmerer for their feedback.
 * Malcolm Treddinick for his guidance during the GSoC submission process.
 * Simon Willison for driving the original design process
 * Cal Henderson for complaining about ponies he wanted.

... and everyone else too numerous to mention that helped to bring this feature into fruition.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-22 15:18:51 +00:00
Russell Keith-Magee 8b6a2c11e4 Fixed #11073 -- Added documentation for SESSION_COOKIE_PATH. Thanks to liling for the report, and gsong for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-13 00:17:35 +00:00
Russell Keith-Magee 457a1f9a03 Fixed #11272 -- Made some clarifications to the overview and tutorial. Thanks to jjinux for the review notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11044 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-06-18 13:32:12 +00:00
Adrian Holovaty 9848f888ba Made some small improvements to docs/topics/http/sessions.txt
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10839 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-26 05:29:28 +00:00
Gary Wilson Jr 88837875f2 Auth-related doc cleanups:
* Added to documentation of missing characters from `allowed_chars` in `make_random_password`.
  * Fixed several long lines and word wraps.
  * Added a reference link to the "How to log a user in" section and made a later reference to this section an actual link using the `:ref:` directive.
  * Turned a command line code example into a code block.
  * Added attribute reference link for a ``request.META`` mention.
  * Added `code-block:: html` directives for HTML examples.
  * Corrected reference links for all the `auth.views` functions.
  * Added a few function signatures and documentation of optional parameters that were missing for some of the the `auth.views` functions (refs #10272).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9835 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-02-16 05:10:31 +00:00
Gary Wilson Jr 11d382c6c4 Fixed a long line, a typo, and a few misspellings from [9727].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9729 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-11 05:47:06 +00:00
Jacob Kaplan-Moss 299e1e814f Fixed #6791: added a write-through cache session backend: session data is written through the cache to the database, but read from the cache for speed. Thanks to jhenry, mcroydon, and jdunck.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9727 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-10 22:18:14 +00:00
Karen Tracey d4f4ab8535 Fixed #9487 -- Corrected several links into the Python docs that were broken by the recent Python docs refactor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9312 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-11-01 19:02:09 +00:00