Ticket #2548: session_middleware.6.diff

File session_middleware.6.diff, 5.7 KB (added by upadhyay@…, 8 years ago)

with docs, without newline munging.

  • django/contrib/sessions/middleware.py

     
    11from django.conf import settings
    2 from django.contrib.sessions.models import Session
     2from django.contrib.sessions.models import Session, TILL_BROWSER_CLOSE
    33from django.core.exceptions import SuspiciousOperation
    44from django.utils.cache import patch_vary_headers
    55import datetime
     
    4848    def delete_test_cookie(self):
    4949        del self[TEST_COOKIE_NAME]
    5050
     51    def set_life(self, val):
     52        """
     53            sets the life of the session, irrespective of global settings.
     54            val is in seconds.
     55
     56            django.contrib.sessions.models.TILL_BROWSER_CLOSE can also be passed
     57            to ask django to quell session on browser close, overwriting global settings.
     58        """
     59        if val == TILL_BROWSER_CLOSE:
     60            self["_expires_on"] = TILL_BROWSER_CLOSE
     61        else:
     62            self["_expires_on"] = datetime.datetime.now() + datetime.timedelta(seconds=val)
     63
    5164    def _get_session(self):
    5265        # Lazily loads session from storage.
    5366        self.accessed = True
     
    92105                    obj = Session.objects.get_new_session_object()
    93106                    session_key = obj.session_key
    94107
    95                 if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
    96                     max_age = None
    97                     expires = None
    98                 else:
    99                     max_age = settings.SESSION_COOKIE_AGE
    100                     expires = datetime.datetime.strftime(datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE), "%a, %d-%b-%Y %H:%M:%S GMT")
    101                 new_session = Session.objects.save(session_key, request.session._session,
    102                     datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
    103                 response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
     108                now = datetime.datetime.now()
     109                delta_yield = now + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE)
     110                if (
     111                    (
     112                        # if session is set to expire on browser close globally
     113                        settings.SESSION_EXPIRE_AT_BROWSER_CLOSE and
     114                        # but someone did not set _expires_on, or set it to TILL_BROWSER_CLOSE
     115                        request.session.get("_expires_on", TILL_BROWSER_CLOSE) == TILL_BROWSER_CLOSE
     116                    ) or
     117                    (
     118                        # if someone asked as to expire on browser close irrespective of global setting
     119                        request.session.get("_expires_on") == TILL_BROWSER_CLOSE
     120                    )
     121                ):
     122                    max_age = None # session expiry is simulated by cookie deletion.
     123                    expires = None # which is done by setting these two to None
     124                else: # session need to be preserved, cookie has to be set
     125                    delta_yield = request.session.get("_expires_on", delta_yield)
     126                    max_age_timedelta = delta_yield - now
     127                    max_age = max_age_timedelta.days * 24 * 60 * 60 + max_age_timedelta.seconds
     128                    expires = datetime.datetime.strftime(delta_yield, "%a, %d-%b-%Y %H:%M:%S GMT")
     129                Session.objects.save(session_key, request.session._session, delta_yield)
     130                response.set_cookie(
     131                    settings.SESSION_COOKIE_NAME, session_key,
    104132                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
    105                     secure=settings.SESSION_COOKIE_SECURE or None)
     133                    secure=settings.SESSION_COOKIE_SECURE or None
     134                )
    106135        return response
  • django/contrib/sessions/models.py

     
    44from django.utils.translation import gettext_lazy as _
    55from django.conf import settings
    66
     7TILL_BROWSER_CLOSE = -1
     8
    79class SessionManager(models.Manager):
    810    def encode(self, session_dict):
    911        "Returns the given session dictionary pickled and encoded as a string."
  • docs/sessions.txt

     
    5858
    5959    * ``items()``
    6060
    61 It also has these three methods:
     61It also has these four methods:
    6262
    6363    * ``set_test_cookie()``
    6464      Sets a test cookie to determine whether the user's browser supports
     
    7575    * ``delete_test_cookie()``
    7676      Deletes the test cookie. Use this to clean up after yourself.
    7777
     78    * ``set_life(val)``
     79      It takes an integer, number of seconds for which the session should be
     80      valid. It can also take django.contrib.session.models.TILL_BROWSER_CLOSE,
     81      that will quell the session at the close of browser. Calling set_life
     82      will overwrite the global/default session expiry policy. See
     83      `browser-length sessions vs. persistent sessions` for default session expiry
     84      policy.
     85
    7886You can edit ``request.session`` at any point in your view. You can edit it
    7987multiple times.
    8088
     
    217225her browser. Use this if you want people to have to log in every time they open
    218226a browser.
    219227
     228These settings are global defaults, and can be overwritten by explicitly calling
     229``request.session.set_life()`` as described above.
     230
    220231Clearing the session table
    221232==========================
    222233
Back to Top