| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
backends more extensible.
Introduced an AbstractBaseSession model and hooks providing the option
of overriding the model class used by the session store and the session
store class used by the model.
|
|
|
|
|
|
|
|
|
| |
loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.
This is a security fix; disclosure to follow shortly.
|
| |
|
| |
|
|
|
|
| |
imports to range
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thanks Curtis Malony and Florian Apolloner.
Squashed commit of the following:
commit 3380495e93f5e81b80a251b03ddb0a80b17685f5
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 14:18:07 2013 +0100
Looked up the template_fragments cache at runtime.
commit 905a74f52b24a198f802520ff06290a94dedc687
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 14:19:48 2013 +0100
Removed all uses of create_cache.
Refactored the cache tests significantly.
Made it safe to override the CACHES setting.
commit 35e289fe9285feffed3c60657af9279a6a2cfccc
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 12:23:57 2013 +0100
Removed create_cache function.
commit 8e274f747a1f1c0c0e6c37873e29067f7fa022e8
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Sat Nov 23 12:04:52 2013 +0100
Updated docs to describe a simplified cache backend API.
commit ee7eb0f73e6d4699edcf5d357dce715224525cf6
Author: Curtis Maloney <curtis@tinbrain.net>
Date: Sat Oct 19 09:49:24 2013 +1100
Fixed #21012 -- Thread-local caches, like databases.
|
| |
|
|
|
|
|
|
| |
session backend.
Thanks stumbles for the patch.
|
|
|
|
|
|
|
| |
* Prevented stale session files from being loaded
* Added removal of stale session files in django-admin.py clearsessions
Thanks ej for the report, crodjer and Elvard for their inputs.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The previous commit didn't work with PyLibMC.
This solution appears to be the best compromise
at this point in the 1.4 release cycle.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17797 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
done in r17795. Refs #17810.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17796 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Catches memcached session key errors related to overly long session keys.
This is a long-standing bug, but severity was exacerbated by the addition
of cookie-backed session storage, which generates long session values. If
an installation switched from cookie-backed session store to memcached,
users would not be able to log in because of the server error from overly
long memcached keys.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
|
| |
Cleaned up code slightly. Refs #13478.
This also removes the implicit initialization of the session key on the first access in favor of explicit initialization.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17155 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
manipulate session data using the cache. A security announcement will be made shortly.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16759 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
port. Thanks, Martin von Löwis.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16740 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
sessions with cache backend.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9934 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
| |
generation when using
the cache backend and memcached goes away (or is not running).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8620 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
to load a cache-backed session object that doesn't alreayd exist.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8410 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
| |
accesses in the session
backend. Refs #8311, although doesn't fix the problem there.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
|
|
|
| |
submitting a session key (via
a cookie) with no corresponding entry in the database.
This only affected the database backend, but I've applied the same fix to all
three backends for robustness.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
|
|
|
| |
the session and
regenerates the key. Used to ensure the caller gets a fresh session at logout,
for example.
Based on a patch from mrts. Refs #7515.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Slightly backwards
incompatible for custom session backends.
Whilst we were in the neighbourhood, use a larger range of session key values
to save a small amount of time and use the hardware-base random numbers where
available (transparently falls back to pseudo-RNG otherwise).
Fixed #1080
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
from throughout the codebase. Thanks, julien
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
| |
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
|
|
|
|
| |
objects. Thanks, Amit Upadhyay and SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|
|
or on the filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37
|