Navigation

← Previous Changeset
Next Changeset →

Changeset 8340

Timestamp:

08/13/08 22:57:18 (4 months ago)

Author:

mtredinnick

Message:

Added guaranteed atomic creation of new session objects. Slightly backwards
incompatible for custom session backends.

Whilst we were in the neighbourhood, use a larger range of session key values
to save a small amount of time and use the hardware-base random numbers where
available (transparently falls back to pseudo-RNG otherwise).

Fixed #1080

Files:

django/trunk/django/contrib/sessions/backends/base.py (modified) (3 diffs)
django/trunk/django/contrib/sessions/backends/cache.py (modified) (3 diffs)
django/trunk/django/contrib/sessions/backends/db.py (modified) (4 diffs)
django/trunk/django/contrib/sessions/backends/file.py (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

django/trunk/django/contrib/sessions/backends/base.py

r8193	r8340
14	14	from django.utils.hashcompat import md5_constructor
15	15
	16	# Use the system (hardware-based) random number generator if it exists.
	17	if hasattr(random, 'SystemRandom'):
	18	randint = random.SystemRandom().randint
	19	else:
	20	randint = random.randint
	21	MAX_SESSION_KEY = 18446744073709551616L # 2 << 63
	22
	23	class CreateError(Exception):
	24	"""
	25	Used internally as a consistent exception type to catch from save (see the
	26	docstring for SessionBase.save() for details).
	27	"""
	28	pass
16	29
17	30	class SessionBase(object):
…	…
118	131	pid = 1
119	132	while 1:
120		session_key = md5_constructor("%s%s%s%s" % (random.randint(0, sys.maxint - 1),
121		pid, time.time(), settings.SECRET_KEY)).hexdigest()
	133	session_key = md5_constructor("%s%s%s%s"
	134	% (random.randrange(0, MAX_SESSION_KEY), pid, time.time(),
	135	settings.SECRET_KEY)).hexdigest()
122	136	if not self.exists(session_key):
123	137	break
…	…
214	228	raise NotImplementedError
215	229
216		def save(self):
217		"""
218		Saves the session data.
	230	def create(self):
	231	"""
	232	Creates a new session instance. Guaranteed to create a new object with
	233	a unique key and will have saved the result once (with empty data)
	234	before the method returns.
	235	"""
	236	raise NotImplementedError
	237
	238	def save(self, must_create=False):
	239	"""
	240	Saves the session data. If 'must_create' is True, a new session object
	241	is created (otherwise a CreateError exception is raised). Otherwise,
	242	save() can update an existing object with the same key.
219	243	"""
220	244	raise NotImplementedError

django/trunk/django/contrib/sessions/backends/cache.py

r8046	r8340
1		from django.contrib.sessions.backends.base import SessionBase
	1	from django.contrib.sessions.backends.base import SessionBase, CreateError
2	2	from django.core.cache import cache
3	3
…	…
12	12	def load(self):
13	13	session_data = self._cache.get(self.session_key)
14		return session_data or {}
	14	if session_data is not None:
	15	return session_data
	16	self.create()
15	17
16		def save(self):
17		self._cache.set(self.session_key, self._session, self.get_expiry_age())
	18	def create(self):
	19	while True:
	20	self.session_key = self._get_new_session_key()
	21	try:
	22	self.save(must_create=True)
	23	except CreateError:
	24	continue
	25	self.modified = True
	26	return
	27
	28	def save(self, must_create=False):
	29	if must_create:
	30	func = self._cache.add
	31	else:
	32	func = self._cache.set
	33	result = func(self.session_key, self._session, self.get_expiry_age())
	34	if must_create and not result:
	35	raise CreateError
18	36
19	37	def exists(self, session_key):
…	…
24	42	def delete(self, session_key):
25	43	self._cache.delete(session_key)
	44

django/trunk/django/contrib/sessions/backends/db.py

r8046	r8340
1	1	import datetime
2	2	from django.contrib.sessions.models import Session
3		from django.contrib.sessions.backends.base import SessionBase
	3	from django.contrib.sessions.backends.base import SessionBase, CreateError
4	4	from django.core.exceptions import SuspiciousOperation
	5	from django.db import IntegrityError, transaction
5	6
6	7	class SessionStore(SessionBase):
…	…
8	9	Implements database session store.
9	10	"""
10		~~def __init__(self, session_key=None):~~
11		~~super(SessionStore, self).__init__(session_key)~~
12
13	11	def load(self):
14	12	try:
…	…
19	17	return self.decode(s.session_data)
20	18	except (Session.DoesNotExist, SuspiciousOperation):
21
22		# Create a new session_key for extra security.
23		self.session_key = self._get_new_session_key()
24		self._session_cache = {}
25
26		# Save immediately to minimize collision
27		self.save()
28		# Ensure the user is notified via a new cookie.
29		self.modified = True
	19	self.create()
30	20	return {}
31	21
…	…
37	27	return True
38	28
39		def save(self):
40		Session.objects.create(
	29	def create(self):
	30	while True:
	31	self.session_key = self._get_new_session_key()
	32	try:
	33	# Save immediately to ensure we have a unique entry in the
	34	# database.
	35	self.save(must_create=True)
	36	except CreateError:
	37	# Key wasn't unique. Try again.
	38	continue
	39	self.modified = True
	40	self._session_cache = {}
	41	return
	42
	43	def save(self, must_create=False):
	44	"""
	45	Saves the current session data to the database. If 'must_create' is
	46	True, a database error will be raised if the saving operation doesn't
	47	create a new entry (as opposed to possibly updating an existing
	48	entry).
	49	"""
	50	obj = Session(
41	51	session_key = self.session_key,
42	52	session_data = self.encode(self._session),
43	53	expire_date = self.get_expiry_date()
44	54	)
	55	sid = transaction.savepoint()
	56	try:
	57	obj.save(force_insert=must_create)
	58	except IntegrityError:
	59	if must_create:
	60	transaction.savepoint_rollback(sid)
	61	raise CreateError
	62	raise
45	63
46	64	def delete(self, session_key):

django/trunk/django/contrib/sessions/backends/file.py

r7725	r8340
3	3
4	4	from django.conf import settings
5		from django.contrib.sessions.backends.base import SessionBase
	5	from django.contrib.sessions.backends.base import SessionBase, CreateError
6	6	from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured
7	7
…	…
49	49	try:
50	50	session_data = self.decode(session_file.read())
51		except(EOFError, SuspiciousOperation):
52		self._session_key = self._get_new_session_key()
53		self._session_cache = {}
54		self.save()
55		# Ensure the user is notified via a new cookie.
56		self.modified = True
	51	except (EOFError, SuspiciousOperation):
	52	self.create()
57	53	finally:
58	54	session_file.close()
59		except~~(IOError)~~:
	55	except IOError:
60	56	pass
61	57	return session_data
62	58
63		def save(self):
	59	def create(self):
	60	while True:
	61	self._session_key = self._get_new_session_key()
	62	try:
	63	self.save(must_create=True)
	64	except CreateError:
	65	continue
	66	self.modified = True
	67	self._session_cache = {}
	68	return
	69
	70	def save(self, must_create=False):
	71	flags = os.O_WRONLY \| os.O_CREAT \| os.O_TRUNC \| getattr(os, 'O_BINARY', 0)
	72	if must_create:
	73	flags \|= os.O_EXCL
64	74	try:
65		f ~~= open(self._key_to_file(self.session_key), "wb"~~)
	75	fd = os.open(self._key_to_file(self.session_key), flags)
66	76	try:
67		~~f.write(~~self.encode(self._session))
	77	os.write(fd, self.encode(self._session))
68	78	finally:
69		f.close()
70		except(IOError, EOFError):
	79	os.close(fd)
	80	except OSError, e:
	81	if must_create and e.errno == errno.EEXIST:
	82	raise CreateError
	83	raise
	84	except (IOError, EOFError):
71	85	pass
72	86

Code