django

Commit Graph

Author	SHA1	Message	Date
Sergey Kolosov	22bb548900	Fixed #22634 -- Made the database-backed session backends more extensible. Introduced an AbstractBaseSession model and hooks providing the option of overriding the model class used by the session store and the session store class used by the model.	2015-08-27 15:00:09 -04:00
Tim Graham	867d287b3a	Added a test to ensure empty sessions are saved.	2015-08-20 10:24:19 -04:00
Tim Graham	8cc41ce7a7	Fixed DoS possiblity in contrib.auth.views.logout() Thanks Florian Apolloner and Carl Meyer for review. This is a security fix.	2015-08-18 08:03:43 -04:00
Carl Meyer	df049ed77a	Fixed #19324 -- Avoided creating a session record when loading the session. The session record is now only created if/when the session is modified. This prevents a potential DoS via creation of many empty session records. This is a security fix; disclosure to follow shortly.	2015-07-08 15:23:03 -04:00
David Bannon	f4416b1a8b	Fixed #24915 -- Added stricter session key validation Changed _session_key attribute to a property and implemented basic validation in the setter. The session key must be 'truthy' and at least 8 characters long. Otherwise, the value is set to None.	2015-06-06 20:04:20 -04:00
Tim Graham	088579638b	Fixed incorrect session.flush() in cached_db session backend. This is a security fix; disclosure to follow shortly. Thanks Sam Cooke for the report and draft patch.	2015-05-20 13:48:06 -04:00
Bo Lopker	2dee853ed4	Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN	2015-05-15 11:23:41 -04:00
Tim Graham	4e59156c10	Fixed sessions test on Python 3.5; refs #23763 . SimpleCookie.__repr__() changed in https://hg.python.org/cpython/rev/88e1151e8e02	2015-03-31 08:38:43 -04:00
Tim Graham	8a481498aa	Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions.	2015-03-12 08:19:54 -04:00
Tim Graham	fac3a34cbb	Moved contrib.sessions tests out of contrib.	2015-02-11 10:19:22 -05:00

10 Commits