Changeset 4771

Timestamp:

03/21/07 21:20:33 (1 year ago)

Author:

mtredinnick

Message:

Reduced the chances of session object collision. The window of opportunity is
now about five Python instructions in get_or_create(). This doesn't guarantee
no collisions, but should fix many occurrences. Refs #1180.

Files:

• django/trunk/django/contrib/sessions/middleware.py (modified) (1 diff)
• django/trunk/django/contrib/sessions/models.py (modified) (2 diffs)

django/trunk/django/contrib/sessions/middleware.py

@@ -84 +84 @@
-                patch_vary_headers(response, ('Cookie',))
-            if modified or settings.SESSION_SAVE_EVERY_REQUEST:
-
+
+
+
+
+
+
-                if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
-                    max_age = None

django/trunk/django/contrib/sessions/models.py

@@ -1 @@
-
+, datetime
-import cPickle as pickle
-from django.db import models
@@ -23 +23 @@
-                break
-        return session_key
+
+    def get_new_session_object(self):
+        """
+        Returns a new session object.
+        """
+        # FIXME: There is a *small* chance of collision here, meaning we will
+        # return an existing object. That can be fixed when we add a way to
+        # validate (and guarantee) that non-auto primary keys are unique. For
+        # now, we save immediately in order to reduce the "window of
+        # misfortune" as much as possible.
+        created = False
+        while not created:
+            obj, created = self.get_or_create(session_key=self.get_new_session_key(),
+                    expire_date = datetime.datetime.now())
+            # Collision in key generation, so re-seed the generator
+            random.seed()
+        return obj
-
-    def save(self, session_key, session_dict, expire_date):