Ticket #2548: session_middleware.19.diff

django/contrib/sessions/middleware.py

@@ -26 +26 @@
-            if accessed:
-                patch_vary_headers(response, ('Cookie',))
-            if modified or settings.SESSION_SAVE_EVERY_REQUEST:
-settings.SESSION_EXPIRE_AT_BROWSER_CLOSE
+request.session.get_expire_at_browser_close()
-                    max_age = None
-                    expires = None
-                else:
-settings.SESSION_COOKIE_AGE
-settings.SESSION_COOKIE_AGE
+request.session.get_max_age()
+max_age
-                    expires = cookie_date(expires_time)
-                # Save the seesion data and refresh the client cookie.
-                request.session.save()

django/contrib/sessions/tests.py

@@ -88 +88 @@
-
->>> s.pop('some key', 'does not exist')
-'does not exist'
+
+#########################
+# Custom session expiry #
+#########################
+
+>>> from django.conf import settings
+>>> from datetime import datetime, timedelta
+
+>>> td10 = timedelta(seconds=10)
+
+# A normal session has a max age equal to settings 
+>>> s.get_max_age() == settings.SESSION_COOKIE_AGE
+True
+
+# So does a custom session with an idle expiration time of 0 (but it'll expire
+# at browser close)
+>>> s.set_expiry(0)
+>>> s.get_max_age() == settings.SESSION_COOKIE_AGE
+True
+
+# Custom session idle expiration time
+>>> s.set_expiry(10)
+>>> delta = s.get_expiry_date() - datetime.utcnow()
+>>> delta.seconds in (9, 10)
+True
+>>> age = s.get_max_age()
+>>> age in (9, 10)
+True
+
+# Custom session fixed expiry date (timedelta)
+>>> s.set_expiry(td10)
+>>> delta = s.get_expiry_date() - datetime.utcnow()
+>>> delta.seconds in (9, 10)
+True
+>>> age = s.get_max_age()
+>>> age in (9, 10)
+True
+
+# Custom session fixed expiry date (fixed datetime)
+>>> s.set_expiry(datetime.utcnow() + td10)
+>>> delta = s.get_expiry_date() - datetime.utcnow()
+>>> delta.seconds in (9, 10)
+True
+>>> age = s.get_max_age()
+>>> age in (9, 10)
+True
+
+# Set back to default session age
+>>> s.set_expiry(None)
+>>> s.get_max_age() == settings.SESSION_COOKIE_AGE
+True
+
+# Allow to set back to default session age even if no alternate has been set
+>>> s.set_expiry(None)
+
+
+# We're changing the setting then reverting back to the original setting at the
+# end of these tests.
+>>> original_expire_at_browser_close = settings.SESSION_EXPIRE_AT_BROWSER_CLOSE
+>>> settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+
+# Custom session age
+>>> s.set_expiry(10)
+>>> s.get_expire_at_browser_close()
+False
+
+# Custom expire-at-browser-close
+>>> s.set_expiry(0)
+>>> s.get_expire_at_browser_close()
+True
+
+# Default session age
+>>> s.set_expiry(None)
+>>> s.get_expire_at_browser_close()
+False
+
+>>> settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+# Custom session age
+>>> s.set_expiry(10)
+>>> s.get_expire_at_browser_close()
+False
+
+# Custom expire-at-browser-close
+>>> s.set_expiry(0)
+>>> s.get_expire_at_browser_close()
+True
+
+# Default session age
+>>> s.set_expiry(None)
+>>> s.get_expire_at_browser_close()
+True
+
+>>> settings.SESSION_EXPIRE_AT_BROWSER_CLOSE = original_expire_at_browser_close
-"""
-
-if __name__ == '__main__':

django/contrib/sessions/backends/base.py

@@ -4 +4 @@
-import random
-import sys
-import time
+from datetime import datetime, timedelta
-from django.conf import settings
-from django.core.exceptions import SuspiciousOperation
-
@@ -128 +129 @@
-
-    _session = property(_get_session)
-
+    def get_max_age(self):
+        expiry = self.get('_session_expiry')
+        if not expiry:   # Checks both None and 0 cases
+            return settings.SESSION_COOKIE_AGE
+        if not isinstance(expiry, datetime):
+            return expiry
+        delta = expiry - datetime.utcnow()
+        return delta.days * 86400 + delta.seconds
+
+    def get_expiry_date(self):
+        "Returns the expiry date (in UTC)"
+        expiry = self.get('_session_expiry', settings.SESSION_COOKIE_AGE)
+        if isinstance(expiry, datetime):
+            return expiry
+        return datetime.utcnow() + timedelta(seconds=expiry)
+
+    def set_expiry(self, value):
+        """
+        Sets a custom expiration for the session. ``value`` can be an integer, a
+        Python ``datetime`` or ``timedelta`` object or ``None``.
+
+        If ``value`` is an integer, the session will expire after that many
+        seconds of inactivity. If set to ``0`` then the session will expire on
+        browser close.
+
+        If ``value`` is a ``datetime`` or ``timedelta`` object, the session
+        will expire at that specific future time (``datetime`` objects should be
+        UTC).
+
+        If ``value`` is ``None``, the session uses the global session expiry
+        policy.
+        """
+        if value is None:
+            # Remove any custom expiration for this session.
+            try:
+                del self['_session_expiry']
+            except KeyError:
+                pass
+            return
+        if isinstance(value, timedelta):
+            value = datetime.utcnow() + value
+        self['_session_expiry'] = value
+
+    def get_expire_at_browser_close(self):
+        if self.get('_session_expiry') is None:
+            return settings.SESSION_EXPIRE_AT_BROWSER_CLOSE
+        return self.get('_session_expiry') == 0
+
-    # Methods that child classes must implement.
-
-    def exists(self, session_key):

django/contrib/sessions/backends/cache.py

@@ -4 +4 @@
-
-class SessionStore(SessionBase):
-    """
- 
+
-    """
-    def __init__(self, session_key=None):
-        self._cache = cache
-        super(SessionStore, self).__init__(session_key)
-
+
-    def load(self):
-        session_data = self._cache.get(self.session_key)
-        return session_data or {}
-
-    def save(self):
-ttings.SESSION_COOKIE_AGE
+lf.get_max_age()
-
-    def exists(self, session_key):
-        if self._cache.get(session_key):
-            return True
-        return False
-
+
-    def delete(self, session_key):
-        self._cache.delete(session_key)

django/contrib/sessions/backends/db.py

@@ -10 +10 @@
-    """
-    def __init__(self, session_key=None):
-        super(SessionStore, self).__init__(session_key)
-
+
-    def load(self):
-        try:
-            s = Session.objects.get(
- 
-
+
+utc
-            )
-            return self.decode(s.session_data)
-        except (Session.DoesNotExist, SuspiciousOperation):
-
+
-            # Create a new session_key for extra security.
-            self.session_key = self._get_new_session_key()
-            self._session_cache = {}
@@ -27 +27 @@
-            # Save immediately to minimize collision
-            self.save()
-            return {}
-
+
-    def exists(self, session_key):
-        try:
-            Session.objects.get(session_key=session_key)
-        except Session.DoesNotExist:
-            return False
-        return True
-
+
-    def save(self):
-        Session.objects.create(
-            session_key = self.session_key,
-            session_data = self.encode(self._session),
-datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE
+self.get_expiry_date(
-        )
-
+
-    def delete(self, session_key):
-        try:
-            Session.objects.get(session_key=session_key).delete()

AUTHORS

@@ -327 +327 @@
-    tstromberg@google.com
-    Makoto Tsuyuki <mtsuyuki@gmail.com>
-    tt@gurgle.no
-
+ <http://www.amitu.com/blog/>
-    Geert Vanderkelen
-    I.S. van Oostveen <v.oostveen@idca.nl>
-    viestards.lists@gmail.com

docs/sessions.txt

@@ -80 +80 @@
-It implements the following standard dictionary methods:
-
-    * ``__getitem__(key)``
+
-      Example: ``fav_color = request.session['fav_color']``
-
-    * ``__setitem__(key, value)``
+
-      Example: ``request.session['fav_color'] = 'blue'``
-
-    * ``__delitem__(key)``
+
-      Example: ``del request.session['fav_color']``. This raises ``KeyError``
-      if the given ``key`` isn't already in the session.
-
-    * ``__contains__(key)``
+
-      Example: ``'fav_color' in request.session``
-
-    * ``get(key, default=None)``
+
-      Example: ``fav_color = request.session.get('fav_color', 'red')``
-
-    * ``keys()``
@@ -101 +106 @@
-
-    * ``setdefault()`` (**New in Django development version**)
-
-three 
+
-
-    * ``set_test_cookie()``
-      Sets a test cookie to determine whether the user's browser supports
@@ -118 +123 @@
-    * ``delete_test_cookie()``
-      Deletes the test cookie. Use this to clean up after yourself.
-
+    * ``set_expiry(value)``
+
+      **New in Django development version**
+
+      Sets a custom expiration for the session.
+
+      If ``value`` is an integer, the session will expire after that many
+      seconds of inactivity. If set to ``0`` then the session will expire when
+      the user's browser is closed.
+
+      If ``value`` is a ``datetime`` or ``timedelta`` object, the session will
+      expire at that specific time (``datetime`` objects must be in UTC).
+
+      If ``value`` is ``None``, the session reverts to using the global session
+      expiry policy.
+
+    * ``get_max_age()``
+
+      **New in Django development version**
+
+      Returns the number of seconds until this session expires. For sessions
+      with no custom expiration (or those set to expire at browser close), this
+      will equal ``settings.SESSION_COOKIE_AGE``.
+
+    * ``get_expiry_date()``
+
+      **New in Django development version**
+
+      Returns the date this session will expire. For sessions with no custom
+      expiration (or those set to expire at browser close), this will equal the
+      UTC date ``settings.SESSION_COOKIE_AGE`` seconds from now.
+
+    * ``get_expire_at_browser_close()``
+
+      **New in Django development version**
+
+      Returns either ``True`` or ``False``, depending on whether this session
+      will expire when the user's browser is closed.
+
-You can edit ``request.session`` at any point in your view. You can edit it
-multiple times.
-
@@ -278 +322 @@
-her browser. Use this if you want people to have to log in every time they open
-a browser.
-
+**New in Django development version**
+
+This setting is a global default and can be overwritten by explicitly calling
+``request.session.set_expiry()`` as described above in
+`using sessions in views`_.
+
-Clearing the session table
-==========================
-