Code

Ticket #18194: files-sessions-server-expiry-2.patch

File files-sessions-server-expiry-2.patch, 3.0 KB (added by crodjer, 2 years ago)

Patch 2 - Added a test to represent the problem statement and a separate function to check file session expiry.

  • django/contrib/sessions/backends/file.py

    diff --git a/django/contrib/sessions/backends/file.py b/django/contrib/sessions/backends/file.py
    index 0f86908..7b71ede 100644
    a b  
    11import errno 
    22import os 
    33import tempfile 
     4import time 
    45 
    56from django.conf import settings 
    67from django.contrib.sessions.backends.base import SessionBase, CreateError 
    class SessionStore(SessionBase): 
    4950        try: 
    5051            with open(self._key_to_file(), "rb") as session_file: 
    5152                file_data = session_file.read() 
    52             # Don't fail if there is no data in the session file. 
    53             # We may have opened the empty placeholder file. 
    54             if file_data: 
    55                 try: 
    56                     session_data = self.decode(file_data) 
    57                 except (EOFError, SuspiciousOperation): 
     53                # Create new session in case of an expired one 
     54                if self._expired(): 
    5855                    self.create() 
     56                # Don't fail if there is no data in the session file. 
     57                # We may have opened the empty placeholder file. 
     58                elif file_data: 
     59                    try: 
     60                        session_data = self.decode(file_data) 
     61                    except (EOFError, SuspiciousOperation): 
     62                        self.create() 
    5963        except IOError: 
    6064            self.create() 
    6165        return session_data 
    class SessionStore(SessionBase): 
    127131        except (OSError, IOError, EOFError): 
    128132            pass 
    129133 
     134    def _expired(self): 
     135        # The age of session file from last modify time 
     136        age = time.time() - os.path.getmtime(self._key_to_file()) 
     137        return age > settings.SESSION_COOKIE_AGE 
     138 
    130139    def exists(self, session_key): 
    131140        return os.path.exists(self._key_to_file(session_key)) 
    132141 
  • django/contrib/sessions/tests.py

    diff --git a/django/contrib/sessions/tests.py b/django/contrib/sessions/tests.py
    index 92ea6bb..d6da388 100644
    a b class FileSessionTests(SessionTestsMixin, unittest.TestCase): 
    345345        self.assertRaises(SuspiciousOperation, 
    346346                          self.backend("a/b/c").load) 
    347347 
     348    # This test fails with cookie and cache session, thats why added it to 
     349    # file tests only. 
     350    @override_settings(SESSION_COOKIE_AGE=0) 
     351    def test_onload_expiry_check(self): 
     352        """ 
     353        Test to ensure that expiry of session is checked on-load 
     354        """ 
     355 
     356        self.session['test-data'] = True 
     357        old_key = self.session.session_key 
     358        self.session.save() 
     359        self.assertTrue(self.session.get('test-data')) 
     360        self.session.load() 
     361        new_key = self.session.session_key 
     362 
     363        # Make sure a new key was generated after the invalidation of the old 
     364        # one. 
     365        self.assertNotEqual(old_key, new_key) 
     366        # The key test-data should not be present in the session. 
     367        self.assertFalse(self.session.get('test-data')) 
    348368 
    349369class CacheSessionTests(SessionTestsMixin, unittest.TestCase): 
    350370