Empty session data if session age > max_age #331

Merged (1 commit) on Oct 12, 2018


panagiks
Contributor

Fixes #325

@codecov

codecov bot commented Oct 11, 2018

Codecov Report

Merging #331 into master will increase coverage by 0.05%.
The diff coverage is 100%.


@@            Coverage Diff             @@
##           master     #331      +/-   ##
==========================================
+ Coverage    97.2%   97.26%   +0.05%     
==========================================
  Files           4        4              
  Lines         215      219       +4     
  Branches       25       26       +1     
==========================================
+ Hits          209      213       +4     
  Misses          4        4              
  Partials        2        2
| Impacted Files | Coverage Δ |
| --- | --- |
| aiohttp_session/__init__.py | 98.1% <100%> (+0.04%) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8ba1c31...308c839. Read the comment docs.

@panagiks
Contributor Author

As with #326 the fix is retroactive. (Already created sessions will be handled properly and there is no need for secret key rotation / re-issuing).

@panagiks
Contributor Author

The failing tests seem to only be for Python 3.7 (and nightly)

@asvetlov asvetlov merged commit 1b356f0 into aio-libs:master Oct 12, 2018
@asvetlov
Member

thanks

@asvetlov
Member

Failed Python 3.7 is about #330

@hubo1016

I'm sorry but this makes me confused: max_age is used for an idle timeout before v2.7.0, but this change makes it a hard_timeout. More importantly, created_time is never updated even after resetting the content, so this means that if the web application does not recreate the session manually, the user will always get an expired session even after login again. This is a SERIOUS BREAK.
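
The difference raised in the last comment, as an added example that is not part of the thread and not aiohttp_session code: a simplified model replaying one timeline under an idle timeout, a hard timeout with a fixed creation time, and a hard timeout that renews the creation time on expiry. The `StoredSession` class, the `load` and `replay` functions, the policy names and the timestamps are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class StoredSession:
    # Constructed model of a persisted session; not aiohttp_session's own class.
    created: int        # creation timestamp, seconds
    last_seen: int      # last time the session was saved, seconds
    data: dict = field(default_factory=dict)


def load(s, now, max_age, policy):
    """Apply the age check at load time and return the session the handler sees.

    policy (hypothetical names):
      "idle"       - expire when now - last_seen > max_age
      "hard"       - expire when now - created > max_age, created left unchanged
      "hard_reset" - same check as "hard", but expiry also renews created
    """
    reference = s.last_seen if policy == "idle" else s.created
    if now - reference > max_age:
        s.data = {}              # empty the session data, as in the PR title
        if policy != "hard":
            s.created = now      # start a fresh lifetime
    s.last_seen = now
    return s


def replay(policy, max_age=100):
    """Login at t=0, requests at t=60 and t=120, re-login at t=120, request at t=130."""
    s = StoredSession(created=0, last_seen=0, data={"user": "alice"})
    seen = []
    for now in (60, 120):
        seen.append(dict(load(s, now, max_age, policy).data))
    # The application logs the user in again but reuses the existing session
    # object instead of creating a new one.
    s.data["user"] = "alice"
    seen.append(dict(load(s, 130, max_age, policy).data))
    return seen


if __name__ == "__main__":
    for policy in ("idle", "hard", "hard_reset"):
        print(policy, replay(policy))
```

Under `"hard"` the data written at the second login is emptied again on the next request because the stale creation time still exceeds `max_age`; `"hard_reset"` keeps the fixed lifetime without that effect.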
