From cc6ab63185580ecc44652d21fe6b491db458c15e Mon Sep 17 00:00:00 2001
From: David Read
Date: Tue, 1 May 2012 14:16:42 +0100
Subject: [PATCH] Remove session cooky after request has been processed. This caused obscure bug in DGU when you tried to save the session straight in the next request after deleting it. If you check after the request is done, then you take account of the wishes in that request. Therefore you also do not need the check to see if you are on a particular page that might create the session.
---
ckan/lib/base.py | 62 ++++++++++++++++++++++++------------------------
1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/ckan/lib/base.py b/ckan/lib/base.py
index 3d46b45ece0..5b8c9081fbe 100644
--- a/ckan/lib/base.py
+++ b/ckan/lib/base.py
@@ -187,41 +187,41 @@ def __call__(self, environ, start_response): # the request is routed to. This routing information is # available in environ['pylons.routes_dict'] + try: + res = WSGIController.__call__(self, environ, start_response) + finally: + model.Session.remove() + # Clean out any old cookies as they may contain api keys etc # This also improves the cachability of our pages as cookies # prevent proxy servers from caching content unless they have # been configured to ignore them. - # we do not want to clear cookies when setting the user lang - if not environ.get('PATH_INFO').startswith('/user/set_lang'): - for cookie in request.cookies: - if cookie.startswith('ckan') and cookie not in ['ckan']: - response.delete_cookie(cookie) - # Remove the ckan session cookie if not used e.g. logged out - elif cookie == 'ckan' and not c.user: - # Check session for valid data (including flash messages) - # (DGU also uses session for a shopping basket-type behaviour) - is_valid_cookie_data = False - for key, value in session.items(): - if not key.startswith('_') and value: - is_valid_cookie_data = True - break - if not is_valid_cookie_data: - if session.id: - if not session.get('lang'): - self.log.debug('No session data any more - deleting session') - self.log.debug('Session: %r', session.items()) - session.delete() - else: - response.delete_cookie(cookie) - self.log.debug('No session data any more - deleting session cookie') - # Remove auth_tkt repoze.who cookie if user not logged in. - elif cookie == 'auth_tkt' and not session.id: - response.delete_cookie(cookie) - - try: - return WSGIController.__call__(self, environ, start_response) - finally: - model.Session.remove() + for cookie in request.cookies: + if cookie.startswith('ckan') and cookie not in ['ckan']: + response.delete_cookie(cookie) + # Remove the ckan session cookie if not used e.g. 
logged out + elif cookie == 'ckan' and not c.user: + # Check session for valid data (including flash messages) + # (DGU also uses session for a shopping basket-type behaviour) + is_valid_cookie_data = False + for key, value in session.items(): + if not key.startswith('_') and value: + is_valid_cookie_data = True + break + if not is_valid_cookie_data: + if session.id: + if not session.get('lang'): + self.log.debug('No session data any more - deleting session') + self.log.debug('Session: %r', session.items()) + session.delete() + else: + response.delete_cookie(cookie) + self.log.debug('No session data any more - deleting session cookie') + # Remove auth_tkt repoze.who cookie if user not logged in. + elif cookie == 'auth_tkt' and not session.id: + response.delete_cookie(cookie) + + return res def __after__(self, action, **params): self._set_cors()
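Review bot: The cookie cleanup now sits after the `try`/`finally`, so when `WSGIController.__call__` raises, `model.Session.remove()` runs and the exception propagates without any `response.delete_cookie(...)` call. Stale `ckan*` cookies, which the comment above the loop says may contain api keys, then survive error responses. It is also worth confirming that deletions made at this point still reach the client: if `WSGIController.__call__` has already passed the headers to `start_response` (not visible here, since `__call__` starts above the hunk), the Set-Cookie expiry and the `session.delete()` would come too late for this response, and a test asserting the expiry headers on a logged-out request would settle it. Separately, `self.log.debug('Session: %r', session.items())` writes session values to the log; logging only the keys, e.g. `self.log.debug('Session keys: %r', list(session.keys()))`, keeps the diagnostic without exposing them.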