Ticket #8122: 8122-r8277.diff

File 8122-r8277.diff, 7.8 KB (added by jcassee, 7 years ago)
  • django/contrib/sessions/backends/base.py

     
    1818    """
    1919    Base class for all Session classes.
    2020    """
    21     TEST_COOKIE_NAME = 'testcookie'
    22     TEST_COOKIE_VALUE = 'worked'
    2321
    2422    def __init__(self, session_key=None):
    2523        self._session_key = session_key
    2624        self.accessed = False
    2725        self.modified = False
     26        self.cookie_received = (session_key is not None)
    2827
    2928    def __contains__(self, key):
    3029        return key in self._session
     
    6261            return value
    6362
    6463    def set_test_cookie(self):
    65         self[self.TEST_COOKIE_NAME] = self.TEST_COOKIE_VALUE
     64        from warnings import warn
     65        warn('set_test_cookie() is deprecated. It is no longer required.')
    6666
    6767    def test_cookie_worked(self):
    68         return self.get(self.TEST_COOKIE_NAME) == self.TEST_COOKIE_VALUE
     68        from warnings import warn
     69        warn('test_cookie_worked() is deprecated. Use request.cookie_received')
     70        return self.cookie_received
    6971
    7072    def delete_test_cookie(self):
    71         del self[self.TEST_COOKIE_NAME]
     73        from warnings import warn
     74        warn('delete_test_cookie() is deprecated. It is no longer required.')
    7275
    73     def encode(self, session_dict):
     76    def encode(self, session_dict):
    7477        "Returns the given session dictionary pickled and encoded as a string."
    7578        pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL)
    7679        pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
  • django/contrib/sessions/middleware.py

     
    2222            if accessed:
    2323                patch_vary_headers(response, ('Cookie',))
    2424            if modified or settings.SESSION_SAVE_EVERY_REQUEST:
    25                 if request.session.get_expire_at_browser_close():
    26                     max_age = None
    27                     expires = None
    28                 else:
    29                     max_age = request.session.get_expiry_age()
    30                     expires_time = time.time() + max_age
    31                     expires = cookie_date(expires_time)
    3225                # Save the session data and refresh the client cookie.
    3326                request.session.save()
    34                 response.set_cookie(settings.SESSION_COOKIE_NAME,
    35                         request.session.session_key, max_age=max_age,
    36                         expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
    37                         path=settings.SESSION_COOKIE_PATH,
    38                         secure=settings.SESSION_COOKIE_SECURE or None)
     27                self.set_session_cookie(request, response,
     28                        request.session.session_key)
     29            elif not request.session.cookie_received:
     30                # Set a temporary cookie
     31                self.set_session_cookie(request, response, '')
    3932        return response
     33
     34    def set_session_cookie(self, request, response, value):
     35        if request.session.get_expire_at_browser_close():
     36            max_age = None
     37            expires = None
     38        else:
     39            max_age = request.session.get_expiry_age()
     40            expires_time = time.time() + max_age
     41            expires = cookie_date(expires_time)
     42        response.set_cookie(settings.SESSION_COOKIE_NAME, value,
     43                max_age=max_age, expires=expires,
     44                domain=settings.SESSION_COOKIE_DOMAIN,
     45                path=settings.SESSION_COOKIE_PATH,
     46                secure=settings.SESSION_COOKIE_SECURE or None)
  • tests/regressiontests/sessions_regress/tests.py

     
     1# -*- coding: utf-8 -*-
     2
     3from django.test import TestCase
     4from django.http import HttpRequest, HttpResponse
     5from django.contrib.sessions.middleware import SessionMiddleware
     6from django.conf import settings
     7
     8class SessionMiddlewareTest(TestCase):
     9    def test_no_cookie(self):
     10        """
     11        Tests that the session middleware works when the client does not send
     12        a session cookie.
     13        """
     14        middleware = SessionMiddleware()
     15        request = HttpRequest()
     16        middleware.process_request(request)
     17        assert not request.session.cookie_received
     18        response = middleware.process_response(request, HttpResponse())
     19        assert settings.SESSION_COOKIE_NAME in response.cookies
     20        assert response.cookies[settings.SESSION_COOKIE_NAME].value == ''
     21
     22    def test_empty_cookie(self):
     23        """
     24        Tests that the session middleware works when the client sends an empty
     25        session cookie.
     26        """
     27        middleware = SessionMiddleware()
     28        request = HttpRequest()
     29        request.COOKIES[settings.SESSION_COOKIE_NAME] = ''
     30        middleware.process_request(request)
     31        assert request.session.cookie_received
     32        response = middleware.process_response(request, HttpResponse())
     33        assert not settings.SESSION_COOKIE_NAME in response.cookies
     34
     35    def test_valid_cookie(self):
     36        """
     37        Tests that the session middleware works when the client sends a valid
     38        session cookie.
     39        """
     40        # First get valid session id
     41        middleware = SessionMiddleware()
     42        request = HttpRequest()
     43        middleware.process_request(request)
     44        request.session['test'] = 'test'
     45        response = middleware.process_response(request, HttpResponse())
     46        sessionid = response.cookies[settings.SESSION_COOKIE_NAME].value
     47        assert sessionid != ''
     48        # Now check behavior for valid session id
     49        request = HttpRequest()
     50        request.COOKIES[settings.SESSION_COOKIE_NAME] = sessionid
     51        middleware.process_request(request)
     52        assert request.session.cookie_received
     53        assert request.session['test'] == 'test'
     54        response = middleware.process_response(request, HttpResponse())
     55        assert not settings.SESSION_COOKIE_NAME in response.cookies
     56
     57    def test_invalid_cookie(self):
     58        """
     59        Tests that the session middleware works when the client sends an
     60        invalid session cookie.
     61        """
     62        # First get valid session id
     63        middleware = SessionMiddleware()
     64        request = HttpRequest()
     65        middleware.process_request(request)
     66        request.session['test'] = 'test'
     67        response = middleware.process_response(request, HttpResponse())
     68        sessionid = response.cookies[settings.SESSION_COOKIE_NAME].value
     69        assert sessionid != ''
     70        # Now check behavior for invalid session id
     71        request = HttpRequest()
     72        request.COOKIES[settings.SESSION_COOKIE_NAME] = 'invalid'
     73        middleware.process_request(request)
     74        assert request.session.cookie_received
     75        assert 'test' not in request.session
     76        response = middleware.process_response(request, HttpResponse())
     77        assert settings.SESSION_COOKIE_NAME in response.cookies
     78        assert response.cookies[settings.SESSION_COOKIE_NAME] != ''
     79        assert response.cookies[settings.SESSION_COOKIE_NAME] != sessionid
  • tests/regressiontests/sessions_regress/models.py

     
     1# models.py file for tests to run.
Back to Top