Jon Dufresne
d13881bd34
Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using SESSION_COOKIE_PATH.
2016-06-21 11:03:25 -04:00
Jon Dufresne
4f336f6652
Fixed #26747 -- Used more specific assertions in the Django test suite.
2016-06-16 14:19:18 -04:00
Tobias Kroenke
b040ac06eb
Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a KeyError.
2016-04-20 13:06:47 -04:00
Nicolas Noé
973f393761
Refs #24621 -- Added a test for SessionBase.pop()'s 'default' argument.
2016-04-20 12:57:07 -04:00
Tim Graham
92053acbb9
Fixed E128 flake8 warnings in tests/.
2016-04-08 10:12:33 -04:00
Jon Dufresne
5faf745999
Refs #21608 -- Fixed incorrect cache key in cache session backend's save().
...
The bug was introduced commit 3389c5ea22
.
2016-04-04 07:41:59 -04:00
Tore Lundqvist
3389c5ea22
Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests.
...
Thanks Simon Charette for the review.
2016-02-26 18:56:56 -05:00
Simon Charette
62ea86448e
Cleaned up session backends tests.
...
Made SessionTestsMixin backend agnostic and removed code obsoleted by the test
discovery refactor.
2016-02-26 11:22:33 -05:00
Simon Charette
19318507d9
Stopped registering the sessions tests models to the sessions app.
2016-02-04 12:28:09 -05:00
Hasan
3d0dcd7f5a
Refs #26022 -- Used context manager version of assertRaises in tests.
2016-01-29 12:32:18 -05:00
John Vandenberg
9e3f6c7483
Fixed quad quoted ("""") docstring starts.
2015-10-20 12:19:17 -04:00
Aleksandra Tarkowska
c055224763
Fixed #22938 -- Allowed clearsessions to remove file-based sessions.
2015-10-03 09:21:10 -04:00
Sergey Kolosov
22bb548900
Fixed #22634 -- Made the database-backed session backends more extensible.
...
Introduced an AbstractBaseSession model and hooks providing the option
of overriding the model class used by the session store and the session
store class used by the model.
2015-08-27 15:00:09 -04:00
Tim Graham
867d287b3a
Added a test to ensure empty sessions are saved.
2015-08-20 10:24:19 -04:00
Tim Graham
8cc41ce7a7
Fixed DoS possiblity in contrib.auth.views.logout()
...
Thanks Florian Apolloner and Carl Meyer for review.
This is a security fix.
2015-08-18 08:03:43 -04:00
Carl Meyer
df049ed77a
Fixed #19324 -- Avoided creating a session record when loading the session.
...
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.
This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
David Bannon
f4416b1a8b
Fixed #24915 -- Added stricter session key validation
...
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
2015-06-06 20:04:20 -04:00
Tim Graham
088579638b
Fixed incorrect session.flush() in cached_db session backend.
...
This is a security fix; disclosure to follow shortly.
Thanks Sam Cooke for the report and draft patch.
2015-05-20 13:48:06 -04:00
Bo Lopker
2dee853ed4
Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN
2015-05-15 11:23:41 -04:00
Tim Graham
4e59156c10
Fixed sessions test on Python 3.5; refs #23763 .
...
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02
2015-03-31 08:38:43 -04:00
Tim Graham
8a481498aa
Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions.
2015-03-12 08:19:54 -04:00
Tim Graham
fac3a34cbb
Moved contrib.sessions tests out of contrib.
2015-02-11 10:19:22 -05:00