Ticket #8061: temporary-session-key.diff

django/contrib/sessions/middleware.py

@@ -22 +22 @@
             if accessed:
                 patch_vary_headers(response, ('Cookie',))
             if modified or settings.SESSION_SAVE_EVERY_REQUEST:
-                if request.session.get_expire_at_browser_close():
-                    max_age = None
-                    expires = None
-                else:
-                    max_age = request.session.get_expiry_age()
-                    expires_time = time.time() + max_age
-                    expires = cookie_date(expires_time)
                 # Save the session data and refresh the client cookie.
                 request.session.save()
-                response.set_cookie(settings.SESSION_COOKIE_NAME,
-                        request.session.session_key, max_age=max_age,
-                        expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
-                        path=settings.SESSION_COOKIE_PATH,
-                        secure=settings.SESSION_COOKIE_SECURE or None)
+                self.set_session_cookie(request, response,
+                        request.session.session_key)
+            elif settings.SESSION_COOKIE_NAME not in request.COOKIES:
+                # Set a temporary cookie
+                self.set_session_cookie(request, response, '')
         return response
+
+    def set_session_cookie(self, request, response, key):
+        if request.session.get_expire_at_browser_close():
+            max_age = None
+            expires = None
+        else:
+            max_age = request.session.get_expiry_age()
+            expires_time = time.time() + max_age
+            expires = cookie_date(expires_time)
+        response.set_cookie(settings.SESSION_COOKIE_NAME, key,
+                max_age=max_age, expires=expires,
+                domain=settings.SESSION_COOKIE_DOMAIN,
+                path=settings.SESSION_COOKIE_PATH,
+                secure=settings.SESSION_COOKIE_SECURE or None)

django/contrib/sessions/backends/base.py

@@ -18 +18 @@
     """
     Base class for all Session classes.
     """
-    TEST_COOKIE_NAME = 'testcookie'
-    TEST_COOKIE_VALUE = 'worked'
 
     def __init__(self, session_key=None):
         self._session_key = session_key
         self.accessed = False
         self.modified = False
+        self._cookie_received = (session_key is not None)
 
     def __contains__(self, key):
         return key in self._session
@@ -62 +61 @@
             return value
 
     def set_test_cookie(self):
-        self[self.TEST_COOKIE_NAME] = self.TEST_COOKIE_VALUE
+        from warnings import warn
+        warn('set_test_cookie is deprecated. It is no longer required.')
 
     def test_cookie_worked(self):
-        return self.get(self.TEST_COOKIE_NAME) == self.TEST_COOKIE_VALUE
+        from warnings import warn
+        warn('test_cookie_worked is deprecated. Use request.accepts_cookies()')
+        return self.accepts_cookies()
 
     def delete_test_cookie(self):
-        del self[self.TEST_COOKIE_NAME]
+        from warnings import warn
+        warn('delete_test_cookie is deprecated. It is no longer required.')
 
+    def accepts_cookies(self):
+        return self._cookie_received
+
     def encode(self, session_dict):
         "Returns the given session dictionary pickled and encoded as a string."
         pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL)
@@ -141 +147 @@
         try:
             return self._session_cache
         except AttributeError:
-            if self._session_key is None:
+            if self._session_key:
+                self._session_cache = self.load()
+            else:
                 self._session_cache = {}
-            else:
-                self._session_cache = self.load()
         return self._session_cache
 
     _session = property(_get_session)