Ticket #2548: session_middleware.4.diff

File session_middleware.4.diff, 4.3 KB (added by upadhyay@…, 8 years ago)

the api has been changed, and now there is support for clearing session on browser close.

  • contrib/sessions/middleware.py

     
    11from django.conf import settings
    2 from django.contrib.sessions.models import Session
     2from django.contrib.sessions.models import Session, TILL_BROWSER_CLOSE
    33from django.core.exceptions import SuspiciousOperation
    44from django.utils.cache import patch_vary_headers
    55import datetime
     
    4848    def delete_test_cookie(self):
    4949        del self[TEST_COOKIE_NAME]
    5050
     51    def set_life(self, val):
     52        """
     53            sets the life of the session, irrespective of global settings.
     54            val is in seconds.
     55
     56            django.contrib.sessions.models.TILL_BROWSER_CLOSE can also be passed
     57            to ask django to quell session on browser close, overwriting global settings.
     58        """
     59        if val == TILL_BROWSER_CLOSE:
     60            self["_expires_on"] = TILL_BROWSER_CLOSE
     61        else:
     62            self["_expires_on"] = datetime.datetime.now() + datetime.timedelta(seconds=val)
     63
    5164    def _get_session(self):
    5265        # Lazily loads session from storage.
    5366        self.accessed = True
     
    92105                    obj = Session.objects.get_new_session_object()
    93106                    session_key = obj.session_key
    94107
    95                 if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
    96                     max_age = None
    97                     expires = None
    98                 else:
    99                     max_age = settings.SESSION_COOKIE_AGE
    100                     expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
    101                 new_session = Session.objects.save(session_key, request.session._session,
    102                     datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
    103                 response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
     108                now = datetime.datetime.now()
     109                delta_yield = now + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE)
     110                if (
     111                    (
     112                        # if session is set to expire on browser close globally
     113                        settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and
     114                        # but someone did not set _expires_on, or set it to TILL_BROWSER_CLOSE
     115                        request.session.get("_expires_on", TILL_BROWSER_CLOSE) == TILL_BROWSER_CLOSE
     116                    ) or
     117                    (
     118                        # if someone asked as to expire on browser close irrespective of global setting
     119                        request.session.get("_expires_on") == TILL_BROWSER_CLOSE
     120                    )
     121                ):
     122                    max_age = None # session expiry is simulated by cookie deletion.
     123                    expires = None # which is done by setting these two to None
     124                else: # session need to be preserved, cookie has to be set
     125                    delta_yield = request.session.get("_expires_on", delta_yield)
     126                    max_age_timedelta = delta_yield - now
     127                    max_age = max_age_timedelta.days * 24 * 60 * 60 + max_age_timedelta.seconds
     128                    expires = datetime.datetime.strftime(delta_yield, "%a, %d-%b-%Y %H:%M:%S GMT")
     129                Session.objects.save(session_key, request.session._session, delta_yield)
     130                response.set_cookie(
     131                    settings.SESSION_COOKIE_NAME, session_key,
    104132                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
    105                     secure=settings.SESSION_COOKIE_SECURE or None)
     133                    secure=settings.SESSION_COOKIE_SECURE or None
     134                )
    106135        return response
  • contrib/sessions/models.py

     
    44from django.utils.translation import gettext_lazy as _
    55from django.conf import settings
    66
     7TILL_BROWSER_CLOSE = -1
     8
    79class SessionManager(models.Manager):
    810    def encode(self, session_dict):
    911        "Returns the given session dictionary pickled and encoded as a string."
Back to Top