Ticket #13478: 13478.1.patch

File 13478.1.patch, 1.3 KB (added by aaugustin, 3 years ago)
  • docs/topics/http/sessions.txt

     
    349349
    350350    >>> from django.contrib.sessions.backends.db import SessionStore
    351351    >>> import datetime
     352    >>> s = SessionStore()
     353    >>> s['last_login'] = datetime.datetime(2005, 8, 20, 13, 35, 10)
     354    >>> s.save()
     355    >>> s.session_key
     356    '2b1189a188b44ad18c35e113ac6ceead'
     357
    352358    >>> s = SessionStore(session_key='2b1189a188b44ad18c35e113ac6ceead')
    353     >>> s['last_login'] = datetime.datetime(2005, 8, 20, 13, 35, 10)
    354359    >>> s['last_login']
    355360    datetime.datetime(2005, 8, 20, 13, 35, 0)
    356     >>> s.save()
    357361
    358 If ``session_key`` isn't provided, one will be generated automatically::
     362In order to prevent session fixation attacks, sessions keys that don't exist
     363are regenerated::
    359364
    360365    >>> from django.contrib.sessions.backends.db import SessionStore
    361     >>> s = SessionStore()
     366    >>> s = SessionStore(session_key='no-such-session-here')
    362367    >>> s.save()
    363368    >>> s.session_key
    364     '2b1189a188b44ad18c35e113ac6ceead'
     369    'ff882814010ccbc3c870523934fee5a2'
    365370
    366371If you're using the ``django.contrib.sessions.backends.db`` backend, each
    367372session is just a normal Django model. The ``Session`` model is defined in
Back to Top