Arthur de Jong

Open Source / Free Software developer

path: root/django/contrib/sessions/backends
Commit message | Author | Age | Files | Lines
* Fixed #25558 -- Fixed nondeterministic test failure on Windows: test_clearsessions_command. | Brian Gianforcaro | 2015-10-17 | 1 | -1/+1
  The test session without an expiration date added in refs #22938 wasn't always deleted on Windows because get_expiry_age() returns zero and the file backend didn't consider that an expired session.
* Fixed #22938 -- Allowed clearsessions to remove file-based sessions. | Aleksandra Tarkowska | 2015-10-03 | 1 | -3/+10
* Fixed #22634 -- Made the database-backed session backends more extensible. | Sergey Kolosov | 2015-08-27 | 3 | -28/+44
  Introduced an AbstractBaseSession model and hooks providing the option of overriding the model class used by the session store and the session store class used by the model.
* Fixed #19324 -- Avoided creating a session record when loading the session. | Carl Meyer | 2015-07-08 | 4 | -8/+12
  The session record is now only created if/when the session is modified. This prevents a potential DoS via creation of many empty session records.
  This is a security fix; disclosure to follow shortly.
* Fixed #24915 -- Added stricter session key validation | David Bannon | 2015-06-07 | 1 | -1/+18
  Changed _session_key attribute to a property and implemented basic validation in the setter. The session key must be 'truthy' and at least 8 characters long. Otherwise, the value is set to None.
* Fixed incorrect session.flush() in cached_db session backend. | Tim Graham | 2015-05-20 | 1 | -1/+1
  This is a security fix; disclosure to follow shortly.
  Thanks Sam Cooke for the report and draft patch.
* Removed unnecessary arguments in .get method calls | Piotr Jakimiak | 2015-05-13 | 2 | -2/+2
* Fixed #24621 -- Fixed and documented SessionBase.pop's second argument | Adam Zapletal | 2015-04-13 | 1 | -2/+2
  Changed SessionBase.pop's second argument to explicitly be default=None rather than *args since _session is always a dict.
  Thanks gabor for the report and Tim Graham for the review.
* Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions. | Tim Graham | 2015-03-12 | 1 | -1/+3
* Sorted imports with isort; refs #23860. | Tim Graham | 2015-02-06 | 6 | -17/+16
* Fixed #23812 -- Changed django.utils.six.moves.xrange imports to range | Michael Hall | 2014-12-13 | 1 | -2/+2
* Fixed #20936 -- When logging out/ending a session, don't create a new, empty session. | Matt Robenolt | 2014-05-12 | 2 | -2/+9
  Previously, when logging out, the existing session was overwritten by a new sessionid instead of deleting the session altogether.
  This behavior added overhead by creating a new session record in whichever backend was in use: db, cache, etc.
  This extra session is unnecessary at the time since no session data is meant to be preserved when explicitly logging out.
* Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string(). | Berker Peksag | 2014-02-08 | 1 | -2/+2
  Thanks Aymeric Augustin for the suggestion and review.
* Fixed #21012 -- New API to access cache backends. | Curtis Maloney | 2013-11-23 | 2 | -4/+4
  Thanks Curtis Maloney and Florian Apolloner.

  Squashed commit of the following:

  commit 3380495e93f5e81b80a251b03ddb0a80b17685f5
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Nov 23 14:18:07 2013 +0100

      Looked up the template_fragments cache at runtime.

  commit 905a74f52b24a198f802520ff06290a94dedc687
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Nov 23 14:19:48 2013 +0100

      Removed all uses of create_cache. Refactored the cache tests significantly. Made it safe to override the CACHES setting.

  commit 35e289fe9285feffed3c60657af9279a6a2cfccc
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Nov 23 12:23:57 2013 +0100

      Removed create_cache function.

  commit 8e274f747a1f1c0c0e6c37873e29067f7fa022e8
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Nov 23 12:04:52 2013 +0100

      Updated docs to describe a simplified cache backend API.

  commit ee7eb0f73e6d4699edcf5d357dce715224525cf6
  Author: Curtis Maloney <curtis@tinbrain.net>
  Date: Sat Oct 19 09:49:24 2013 +1100

      Fixed #21012 -- Thread-local caches, like databases.
* More attacking E302 violators | Alex Gaynor | 2013-11-02 | 3 | -0/+4
* Fixed #21134 -- Prevented queries in broken transactions. | Aymeric Augustin | 2013-09-30 | 1 | -3/+2
  Squashed commit of the following:

  commit 63ddb271a44df389b2c302e421fc17b7f0529755
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sun Sep 29 22:51:00 2013 +0200

      Clarified interactions between atomic and exceptions.

  commit 2899ec299228217c876ba3aa4024e523a41c8504
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sun Sep 22 22:45:32 2013 +0200

      Fixed TransactionManagementError in tests. Previous commit introduced an additional check to prevent running queries in transactions that will be rolled back, which triggered a few failures in the tests. In practice using transaction.atomic instead of the low-level savepoint APIs was enough to fix the problems.

  commit 4a639b059ea80aeb78f7f160a7d4b9f609b9c238
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Tue Sep 24 22:24:17 2013 +0200

      Allowed nesting constraint_checks_disabled inside atomic. Since MySQL handles transactions loosely, this isn't a problem.

  commit 2a4ab1cb6e83391ff7e25d08479e230ca564bfef
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sat Sep 21 18:43:12 2013 +0200

      Prevented running queries in transactions that will be rolled back. This avoids a counter-intuitive behavior in an edge case on databases with non-atomic transaction semantics. It prevents using savepoint_rollback() inside an atomic block without calling set_rollback(False) first, which is backwards-incompatible in tests. Refs #21134.

  commit 8e3db393853c7ac64a445b66e57f3620a3fde7b0
  Author: Aymeric Augustin <aymeric.augustin@m4x.org>
  Date: Sun Sep 22 22:14:17 2013 +0200

      Replaced manual savepoints by atomic blocks. This ensures the rollback flag is handled consistently in internal APIs.
* Fixed #20841 -- Added messages to NotImplementedErrors | Gregor MacGregor | 2013-09-10 | 1 | -6/+6
  Thanks joseph at vertstudios.com for the suggestion.
* Fixed #21000 -- Made cached_db session backend respect SESSION_CACHE_ALIAS | CHI Cheng | 2013-09-05 | 1 | -6/+8
* Fixed #20922 -- Allowed customizing the serializer used by contrib.sessions | Tim Graham | 2013-08-22 | 2 | -31/+11
  Added settings.SESSION_SERIALIZER which is the import path of a serializer to use for sessions.
  Thanks apollo13, carljm, shaib, akaariai, charettes, and dstufft for reviews.
* Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. | Preston Holmes | 2013-05-26 | 4 | -8/+37
  SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500.
  Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
* Fix #19664 -- Illegal Characters In Session Key Give Fatal Error On File Backend Only | Erik Romijn | 2013-05-19 | 1 | -1/+1
* Deprecated transaction.commit/rollback_unless_managed. | Aymeric Augustin | 2013-03-11 | 1 | -1/+0
  Since "unless managed" now means "if database-level autocommit", committing or rolling back doesn't have any effect.
  Restored transactional integrity in a few places that relied on automatically-started transactions with a transitory API.
* Fixed #9084 - Best approach for an OS to atomically rename the session file. | Joeri Bekker | 2013-02-24 | 1 | -1/+6
* Fixed #19356 -- Increased session key entropy. | Aymeric Augustin | 2012-11-29 | 2 | -9/+8
* Fixed #19254 -- Bug in SESSION_FILE_PATH handling. | Aymeric Augustin | 2012-11-06 | 1 | -1/+1
  Thanks simonb for the report. Refs #18194.
* Fixed #17083 -- Allowed sessions to use non-default cache. | Aymeric Augustin | 2012-10-31 | 1 | -2/+3
* Fixed #14093 -- Improved error message in the cache session backend. | Aymeric Augustin | 2012-10-28 | 1 | -1/+3
  Thanks stumbles for the patch.
* Fixed #18194 -- Expiration of file-based sessions | Aymeric Augustin | 2012-10-28 | 5 | -13/+83
  * Prevented stale session files from being loaded
  * Added removal of stale session files in django-admin.py clearsessions
  Thanks ej for the report, crodjer and Elvard for their inputs.
* Added optional kwargs to get_expiry_age/date. | Aymeric Augustin | 2012-10-27 | 2 | -9/+33
  This change allows for cleaner tests: we can test the exact output.
  Refs #18194: this change makes it possible to compute session expiry dates at times other than when the session is saved.
  Fixed #18458: the existence of the `modification` kwarg implies that you must pass it to get_expiry_age/date if you call these functions outside of a short request - response cycle (the intended use case).
* Fixed #19200 -- Session expiry with cached_db | Aymeric Augustin | 2012-10-27 | 4 | -8/+30
  Also did a little bit of cleanup.
* Replaced many smart_bytes by force_bytes | Claude Paroz | 2012-08-29 | 1 | -2/+2
  In all those occurrences, we didn't care about preserving the lazy status of the strings, but we really wanted to obtain a real bytestring.
* Removed unneeded smart_bytes import which was introduced in f2fff84bc. | Florian Apolloner | 2012-08-15 | 1 | -1/+0
* [py3] fixed session file backend. | Florian Apolloner | 2012-08-15 | 1 | -1/+2
* [py3] Fixed test_client_regress tests | Claude Paroz | 2012-08-15 | 1 | -1/+1
* [py3] Avoided the deprecated base64 interface. | Aymeric Augustin | 2012-08-14 | 1 | -2/+2
  This fixes a deprecation warning under Python 3.
* [py3] Fix encoding issues in contrib.sessions | Claude Paroz | 2012-08-12 | 2 | -6/+8
* [py3] Ported django.utils.encoding. | Aymeric Augustin | 2012-08-07 | 1 | -2/+2
  * Renamed smart_unicode to smart_text (but kept the old name under Python 2 for backwards compatibility).
  * Renamed smart_str to smart_bytes.
  * Re-introduced smart_str as an alias for smart_text under Python 3 and smart_bytes under Python 2 (which is backwards compatible). Thus smart_str always returns a str object.
  * Used the new smart_str in a few places where both Python 2 and 3 want a str.
* [py3] Added Python 3 compatibility for xrange. | Aymeric Augustin | 2012-07-22 | 1 | -0/+1
* [py3] Switched to Python 3-compatible imports. | Aymeric Augustin | 2012-07-22 | 2 | -2/+2
  xrange/range will be dealt with in a separate commit due to the huge number of changes.
* Made more extensive usage of context managers with open. | Claude Paroz | 2012-05-05 | 1 | -11/+8
* Fixed #18013 -- Use the new 'as' syntax for exceptions. | Claude Paroz | 2012-04-29 | 1 | -1/+1
  Thanks Clueless for the initial patch. Note that unittest has been purposely left out (external package only used by Python 2.6).
* Fixed #17810 (again). Catch session key errors. | Aymeric Augustin | 2012-03-23 | 2 | -8/+6
  The previous commit didn't work with PyLibMC. This solution appears to be the best compromise at this point in the 1.4 release cycle.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17797 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed an incompatibility with Python 2.5 in the changes done in r17795. Refs #17810. | Jannis Leidel | 2012-03-23 | 2 | -2/+4
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17796 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #17810. Catch session key errors. | Paul McMillan | 2012-03-23 | 2 | -2/+14
  Catches memcached session key errors related to overly long session keys. This is a long-standing bug, but severity was exacerbated by the addition of cookie-backed session storage, which generates long session values. If an installation switched from cookie-backed session store to memcached, users would not be able to log in because of the server error from overly long memcached keys.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17795 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Cleanup to use get_random_string consistently. | Paul McMillan | 2012-02-23 | 1 | -21/+8
  Removes several ad hoc implementations of get_random_string() and removes an inappropriate use of settings.SECRET_KEY.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #17506 -- Did a minor optimization in the sessions' database backend. Thanks to FunkyBob for the report and patch. | Julien Phalip | 2012-01-24 | 1 | -5/+1
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17390 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Optimized the cached_db session backend to check if a key exists in the cache first. | Aymeric Augustin | 2011-11-27 | 1 | -0/+2
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17156 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #11555 -- Made SessionBase.session_key read-only. Cleaned up code slightly. Refs #13478. | Aymeric Augustin | 2011-11-27 | 6 | -39/+47
  This also removes the implicit initialization of the session key on the first access in favor of explicit initialization.
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17155 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Upgraded django.contrib.sessions to be compatible with time zone support. | Aymeric Augustin | 2011-11-20 | 2 | -5/+6
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
* Fixed #17223 -- Correctly reference the signed cookies session backend. Thanks, Bryan Veloso. | Jannis Leidel | 2011-11-17 | 1 | -2/+2
  git-svn-id: http://code.djangoproject.com/svn/django/trunk@17101 bcc190cf-cafb-0310-a4f2-bffc1f526a37