p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
22,274 Commits 28 Branches 411 Tags 641 MiB
Commit Graph

16 Commits

Author SHA1 Message Date
Tore Lundqvist 3389c5ea22 Fixed #21608 -- Prevented logged out sessions being resurrected by concurrent requests. 
Thanks Simon Charette for the review.
 2016-02-26 18:56:56 -05:00
Simon Charette 62ea86448e Cleaned up session backends tests. 
Made SessionTestsMixin backend agnostic and removed code obsoleted by the test
discovery refactor.
 2016-02-26 11:22:33 -05:00
Simon Charette 19318507d9 Stopped registering the sessions tests models to the sessions app. 2016-02-04 12:28:09 -05:00
Hasan 3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
John Vandenberg 9e3f6c7483 Fixed quad quoted ("""") docstring starts. 2015-10-20 12:19:17 -04:00
Aleksandra Tarkowska c055224763 Fixed #22938 -- Allowed clearsessions to remove file-based sessions. 2015-10-03 09:21:10 -04:00
Sergey Kolosov 22bb548900 Fixed #22634 -- Made the database-backed session backends more extensible. 
Introduced an AbstractBaseSession model and hooks providing the option
of overriding the model class used by the session store and the session
store class used by the model.
 2015-08-27 15:00:09 -04:00
Tim Graham 867d287b3a Added a test to ensure empty sessions are saved. 2015-08-20 10:24:19 -04:00
Tim Graham 8cc41ce7a7 Fixed DoS possiblity in contrib.auth.views.logout() 
Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.
 2015-08-18 08:03:43 -04:00
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session. 
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
 2015-07-08 15:23:03 -04:00
David Bannon f4416b1a8b Fixed #24915 -- Added stricter session key validation 
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
 2015-06-06 20:04:20 -04:00
Tim Graham 088579638b Fixed incorrect session.flush() in cached_db session backend. 
This is a security fix; disclosure to follow shortly.

Thanks Sam Cooke for the report and draft patch.
 2015-05-20 13:48:06 -04:00
Bo Lopker 2dee853ed4 Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN 2015-05-15 11:23:41 -04:00
Tim Graham 4e59156c10 Fixed sessions test on Python 3.5; refs #23763. 
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02
 2015-03-31 08:38:43 -04:00
Tim Graham 8a481498aa Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions. 2015-03-12 08:19:54 -04:00
Tim Graham fac3a34cbb Moved contrib.sessions tests out of contrib. 2015-02-11 10:19:22 -05:00