Ticket #2133: session.diff

File session.diff, 3.1 KB (added by greg-django@…, 10 years ago)

patch for SVN trunk

  • django/conf/global_settings.py

     
    246246SESSION_COOKIE_DOMAIN = None              # A string like ".lawrence.com", or None for standard domain cookie.
    247247SESSION_SAVE_EVERY_REQUEST = False        # Whether to save the session data on every request.
    248248SESSION_EXPIRE_AT_BROWSER_CLOSE = False   # Whether sessions expire when a user closes his browser.
     249SESSION_COMPLAIN_IF_INVALID = False       # Whether to raise an error if the session cookie doesn't authenticate (instead of just ignoring it)
    249250
    250251#########
    251252# CACHE #
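
Review bot: the comment on the new SESSION_COMPLAIN_IF_INVALID line (new line 249) says "raise an error" without naming the error, and it drops the closing period that the three settings above it use. The middleware hunk re-raises SuspiciousOperation, so name it here, for example "# Whether to re-raise SuspiciousOperation when the session cookie fails validation, instead of ignoring it." and wrap or shorten the comment to match the width of its neighbours.
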
  • django/contrib/sessions/middleware.py

     
    6060                    # Set the session_key to None to force creation of a new
    6161                    # key, for extra security.
    6262                    self.session_key = None
     63                except SuspiciousOperation:
     64                    if settings.SESSION_COMPLAIN_IF_INVALID:
     65                        raise
     66                    self._session_cache = {}
     67                    self.session_key = None
    6368            return self._session_cache
    6469
    6570    _session = property(_get_session)
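
Review bot: in the new except branch (new lines 63-67), when SESSION_COMPLAIN_IF_INVALID is False the SuspiciousOperation is swallowed and the session is reset with no record of it, so a forged cookie or a changed SECRET_KEY leaves nothing for an operator to notice. Record the event before clearing _session_cache and session_key, so that the default setting still leaves a trace. The patch also touches no test file; a test for each value of the setting would pin down both paths.
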
  • docs/sessions.txt

     
    241241
    242242The name of the cookie to use for sessions. This can be whatever you want.
    243243
     244SESSION_SAVE_EVERY_REQUEST
     245--------------------------
     246
     247Default: ``False``
     248
     249Whether to save the session data on every request. If this is ``False``
     250(default), then the session data will only be saved if it has been modified --
     251that is, if any of its dictionary values have been assigned or deleted.
     252
     253.. _Django settings: http://www.djangoproject.com/documentation/settings/
     254
    244255SESSION_EXPIRE_AT_BROWSER_CLOSE
    245256-------------------------------
    246257
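
Review bot: this hunk relocates the existing SESSION_SAVE_EVERY_REQUEST section and, with it, the ".. _Django settings:" link target (new line 253), which now sits between two setting sections instead of at the end of the list just before "Technical details". The move is unrelated to the new setting and makes the docs diff harder to review. Leave SESSION_SAVE_EVERY_REQUEST and the link target where they were and add only the SESSION_COMPLAIN_IF_INVALID section after them.
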
     
    249260Whether to expire the session when the user closes his or her browser. See
    250261"Browser-length sessions vs. persistent sessions" above.
    251262
    252 SESSION_SAVE_EVERY_REQUEST
    253 --------------------------
     263SESSION_COMPLAIN_IF_INVALID
     264---------------------------
    254265
    255266Default: ``False``
    256267
    257 Whether to save the session data on every request. If this is ``False``
    258 (default), then the session data will only be saved if it has been modified --
    259 that is, if any of its dictionary values have been assigned or deleted.
     268Whether to raise an error if the session cookie doesn't authenticate
     269correctly. This can happen two ways: either you change a site's
     270``SECRET_KEY``, or someone tries to hack your site by creating a
     271cookie of their own. By default, Django will ignore invalid cookies,
     272and act as if the client didn't present a cookie at all. Turning this
     273flag on will make warn the user that the cookie their browser sent was
     274invalid.
    260275
    261 .. _Django settings: http://www.djangoproject.com/documentation/settings/
    262 
    263276Technical details
    264277=================
    265278
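
Review bot: new lines 272-274 read "Turning this flag on will make warn the user that the cookie their browser sent was invalid", which is ungrammatical and describes a warning, while the middleware hunk simply re-raises SuspiciousOperation. State the actual behaviour, for example "Turning this flag on makes Django raise ``SuspiciousOperation`` instead." and say what the client sees as a result. "Someone tries to hack your site" (new line 270) would also be more precise as "someone sends a cookie that was not issued by your site".
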