Author: lukeplant
Date: 2010-11-14 16:23:46 -0600 (Sun, 14 Nov 2010)
New Revision: 14562

Modified:
   django/trunk/django/contrib/sessions/models.py
   django/trunk/django/contrib/sessions/tests.py
Log:
Fixed #14685 - incompatible code in contrib.sessions.models

Thanks to PaulM for the report.

Modified: django/trunk/django/contrib/sessions/models.py
===================================================================
--- django/trunk/django/contrib/sessions/models.py      2010-11-14 15:50:01 UTC 
(rev 14561)
+++ django/trunk/django/contrib/sessions/models.py      2010-11-14 22:23:46 UTC 
(rev 14562)
@@ -3,18 +3,13 @@
 
 from django.db import models
 from django.utils.translation import ugettext_lazy as _
-from django.conf import settings
-from django.utils.hashcompat import md5_constructor
 
-
 class SessionManager(models.Manager):
     def encode(self, session_dict):
         """
         Returns the given session dictionary pickled and encoded as a string.
         """
-        pickled = pickle.dumps(session_dict)
-        pickled_md5 = md5_constructor(pickled + 
settings.SECRET_KEY).hexdigest()
-        return base64.encodestring(pickled + pickled_md5)
+        return SessionStore().encode(session_dict)
 
     def save(self, session_key, session_dict, expire_date):
         s = self.model(session_key, self.encode(session_dict), expire_date)
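Review bot: The `pickle` and `base64` imports look unused after this change, since `encode` now delegates to `SessionStore().encode` and the second hunk removes their remaining uses in `get_decoded`. Those import lines sit above this hunk and are not shown, so this is inferred; if nothing else in the module uses them they should be dropped. The `encode` docstring also still promises a pickled, encoded string although the format is now owned by the store; `"""Returns the given session dictionary serialized by SessionStore.encode()."""` would be more accurate.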
@@ -54,14 +49,6 @@
         verbose_name_plural = _('sessions')
 
     def get_decoded(self):
-        encoded_data = base64.decodestring(self.session_data)
-        pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
-        if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != 
tamper_check:
-            from django.core.exceptions import SuspiciousOperation
-            raise SuspiciousOperation("User tampered with session cookie.")
-        try:
-            return pickle.loads(pickled)
-        # Unpickling can cause a variety of exceptions. If something happens,
-        # just return an empty dictionary (an empty session).
-        except:
-            return {}
+        return SessionStore().decode(self.session_data)
+
+from django.contrib.sessions.backends.db import SessionStore
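Review bot: The import on the last added line sits below the class definitions with no comment saying why, so a later tidy-up could move it to the top of the file. Presumably it is placed there because `backends.db` imports `Session` from this module (not visible here); a comment such as `# Imported last to avoid a circular import with backends.db` would record that. Separately, `get_decoded` no longer performs the tamper check or the unpickle fallback itself. Both the integrity check before unpickling and the behaviour on altered data now depend entirely on `SessionStore.decode`, which this diff does not show, and a docstring on `get_decoded` should say so.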

Modified: django/trunk/django/contrib/sessions/tests.py
===================================================================
--- django/trunk/django/contrib/sessions/tests.py       2010-11-14 15:50:01 UTC 
(rev 14561)
+++ django/trunk/django/contrib/sessions/tests.py       2010-11-14 22:23:46 UTC 
(rev 14562)
@@ -263,7 +263,34 @@
 
     backend = DatabaseSession
 
+    def test_session_get_decoded(self):
+        """
+        Test we can use Session.get_decoded to retrieve data stored
+        in normal way
+        """
+        self.session['x'] = 1
+        self.session.save()
 
+        s = Session.objects.get(session_key=self.session.session_key)
+
+        self.assertEqual(s.get_decoded(), {'x': 1})
+
+    def test_sessionmanager_save(self):
+        """
+        Test SessionManager.save method
+        """
+        # Create a session
+        self.session['y'] = 1
+        self.session.save()
+
+        s = Session.objects.get(session_key=self.session.session_key)
+        # Change it
+        Session.objects.save(s.session_key, {'y':2}, s.expire_date)
+        # Clear cache, so that it will be retrieved from DB
+        del self.session._session_cache
+        self.assertEqual(self.session['y'], 2)
+
+
 class CacheDBSessionTests(SessionTestsMixin, TestCase):
 
     backend = CacheDBSession
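Review bot: `test_session_get_decoded` only covers the round trip of valid data; no added test exercises `Session.get_decoded` on a row whose `session_data` has been altered. The removed code raised `SuspiciousOperation` in that case, and the replacement delegates to `SessionStore.decode`. A test that changes `s.session_data` and pins the resulting behaviour (an exception or an empty session, whichever the store implements) would guard the integrity check against regressions. Minor style: `{'y':2}` in `test_sessionmanager_save` should be `{'y': 2}`.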
