Fixed #4724 -- Added support for configurable session cookie paths. Helps with

multiple Django installs under the same hostname. Thanks, frej and Graham
Dumpleton.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Malcolm Tredinnick 2007-10-20 05:13:56 +00:00
parent 1a1a39738a
commit e172e7be57
3 changed files with 24 additions and 11 deletions


@ -275,6 +275,7 @@ SESSION_COOKIE_NAME = 'sessionid' # Cookie name. This can
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks). SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie. SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie.
SESSION_COOKIE_SECURE = False # Whether the session cookie should be secure (https:// only). SESSION_COOKIE_SECURE = False # Whether the session cookie should be secure (https:// only).
SESSION_COOKIE_PATH = '/' # The path of the session cookie.
SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request. SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request.
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser. SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser.
SESSION_ENGINE = 'django.contrib.sessions.backends.db' # The module to store session data SESSION_ENGINE = 'django.contrib.sessions.backends.db' # The module to store session data
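Review bot: The comment on the new `SESSION_COOKIE_PATH = '/'` line does not say what the value has to agree with, which is the part a deployer needs. Something like `# Path of the session cookie; should match the URL prefix this install is served under (or a parent of it).` would carry the constraint from the settings documentation into the defaults file. With the default `'/'` the cookie is still returned for every path on the host, so installs sharing a hostname and cookie name keep overwriting one another's session cookie until each sets its own path.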


@ -31,7 +31,7 @@ class SessionMiddleware(object):
else: else:
max_age = settings.SESSION_COOKIE_AGE max_age = settings.SESSION_COOKIE_AGE
rfcdate = formatdate(time.time() + settings.SESSION_COOKIE_AGE) rfcdate = formatdate(time.time() + settings.SESSION_COOKIE_AGE)
# Fixed length date must have '-' separation in the format # Fixed length date must have '-' separation in the format
# DD-MMM-YYYY for compliance with Netscape cookie standard # DD-MMM-YYYY for compliance with Netscape cookie standard
expires = datetime.datetime.strftime(datetime.datetime.utcnow() + \ expires = datetime.datetime.strftime(datetime.datetime.utcnow() + \
@ -39,8 +39,10 @@ class SessionMiddleware(object):
# Save the seesion data and refresh the client cookie. # Save the seesion data and refresh the client cookie.
request.session.save() request.session.save()
response.set_cookie(settings.SESSION_COOKIE_NAME, request.session.session_key, response.set_cookie(settings.SESSION_COOKIE_NAME,
max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, request.session.session_key, max_age=max_age,
secure=settings.SESSION_COOKIE_SECURE or None) expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
path=settings.SESSION_COOKIE_PATH,
secure=settings.SESSION_COOKIE_SECURE or None)
return response return response
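Review bot: The new `path=settings.SESSION_COOKIE_PATH` argument in the `set_cookie` call narrows where the browser returns the session cookie, but it is not an isolation boundary between installs on one hostname: pages under the other paths are still same-origin, and a sibling install that keeps the same `SESSION_COOKIE_NAME` on a broader path will have its cookie sent alongside this one. I would add a comment above the call such as `# Path only scopes where the browser returns the cookie; it does not isolate installs sharing a hostname. Use a distinct SESSION_COOKIE_NAME or separate hostnames for that.` The setting is also passed through unchecked, so a value that is not a prefix of the install's URLs would presumably make the browser stop returning the cookie, and sessions would fail without any error. The enclosing method starts outside these hunks.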


@ -475,7 +475,7 @@ FIXTURE_DIRS
Default: ``()`` (Empty tuple) Default: ``()`` (Empty tuple)
List of locations of the fixture data files, in search order. Note that List of locations of the fixture data files, in search order. Note that
these paths should use Unix-style forward slashes, even on Windows. See these paths should use Unix-style forward slashes, even on Windows. See
`Testing Django Applications`_. `Testing Django Applications`_.
.. _Testing Django Applications: ../testing/ .. _Testing Django Applications: ../testing/
@ -731,8 +731,8 @@ SERIALIZATION_MODULES
Default: Not defined. Default: Not defined.
A dictionary of modules containing serializer definitions (provided as A dictionary of modules containing serializer definitions (provided as
strings), keyed by a string identifier for that serialization type. For strings), keyed by a string identifier for that serialization type. For
example, to define a YAML serializer, use:: example, to define a YAML serializer, use::
SERIALIZATION_MODULES = { 'yaml' : 'path.to.yaml_serializer' } SERIALIZATION_MODULES = { 'yaml' : 'path.to.yaml_serializer' }
@ -754,10 +754,10 @@ Default: ``django.contrib.sessions.backends.db``
Controls where Django stores session data. Valid values are: Controls where Django stores session data. Valid values are:
* ``'django.contrib.sessions.backends.db'`` * ``'django.contrib.sessions.backends.db'``
* ``'django.contrib.sessions.backends.file'`` * ``'django.contrib.sessions.backends.file'``
* ``'django.contrib.sessions.backends.cache'`` * ``'django.contrib.sessions.backends.cache'``
See the `session docs`_ for more details. See the `session docs`_ for more details.
SESSION_COOKIE_AGE SESSION_COOKIE_AGE
@ -784,6 +784,16 @@ Default: ``'sessionid'``
The name of the cookie to use for sessions. This can be whatever you want. The name of the cookie to use for sessions. This can be whatever you want.
See the `session docs`_. See the `session docs`_.
SESSION_COOKIE_PATH
-------------------
Default: ``'/'``
The path set on the session cookie. Should match the URL path of your Django
installation (or be parent of that path). This is useful if you have multiple
Django instances running under the same hostname; they can use different
cookie paths and each instance will only see its own session cookie.
SESSION_COOKIE_SECURE SESSION_COOKIE_SECURE
--------------------- ---------------------