
Implemented a flush() method on sessions that cleans out the session and
regenerates the key. Used to ensure the caller gets a fresh session at logout,
for example.

Based on a patch from mrts. Refs #7515.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 5e8efa9a6032f9c4278199ab354c3ff742387263 1 parent 31ec68c
Malcolm Tredinnick authored August 14, 2008
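--- a/django/contrib/sessions/backends/base.py
+++ b/django/contrib/sessions/backends/base.py
@@ -223,6 +223,15 @@ def get_expire_at_browser_close(self):
             return settings.SESSION_EXPIRE_AT_BROWSER_CLOSE
         return self.get('_session_expiry') == 0
 
+    def flush(self):
+        """
+        Removes the current session data from the database and regenerates the
+        key.
+        """
+        self.clear()
+        self.delete()
+        self.create()
+
     # Methods that child classes must implement.
 
     def exists(self, session_key):
@@ -247,9 +256,10 @@ def save(self, must_create=False):
         """
         raise NotImplementedError
 
-    def delete(self, session_key):
+    def delete(self, session_key=None):
         """
-        Clears out the session data under this key.
+        Deletes the session data under this key. If the key is None, the
+        current session key value is used.
         """
         raise NotImplementedError
 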
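Review bot: `flush()` calls `self.delete()` with no argument, so it only works on backends that already accept the new `session_key=None` default from the second hunk of this file; a session backend maintained outside this commit that still defines `delete(self, session_key)` would raise TypeError after `clear()` and before `create()`, leaving the stored record under the old key in place. Passing the key explicitly, `self.delete(self._session_key)` (the attribute the cache, db and file backends read in this commit), keeps such backends working at logout. The docstring also says "from the database" although the cache and file backends are covered too; `Removes the current session data from the session store and regenerates the key.` would be accurate.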
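--- a/django/contrib/sessions/backends/cache.py
+++ b/django/contrib/sessions/backends/cache.py
@@ -39,6 +39,8 @@ def exists(self, session_key):
             return True
         return False
 
-    def delete(self, session_key):
+    def delete(self, session_key=None):
+        if session_key is None:
+            session_key = self._session_key
         self._cache.delete(session_key)
 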
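Review bot: The new fallback in `delete()` copies `self._session_key` without checking it, so if that attribute is still None when no key has been assigned (its initialisation is not visible in this hunk), None is handed to `self._cache.delete()`; the same fallback is added in db.py, where it reaches `Session.objects.get(session_key=session_key)`, and in file.py, where it reaches `self._key_to_file(session_key)`. An early exit inside the fallback, `if self._session_key is None: return`, would make `delete()`, and therefore `flush()`, a no-op for a session that was never stored, in all three backends. The `delete()` bodies in db.py and file.py continue past the end of their hunks.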
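--- a/django/contrib/sessions/backends/db.py
+++ b/django/contrib/sessions/backends/db.py
@@ -61,7 +61,9 @@ def save(self, must_create=False):
                 raise CreateError
             raise
 
-    def delete(self, session_key):
+    def delete(self, session_key=None):
+        if session_key is None:
+            session_key = self._session_key
         try:
             Session.objects.get(session_key=session_key).delete()
         except Session.DoesNotExist: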
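--- a/django/contrib/sessions/backends/file.py
+++ b/django/contrib/sessions/backends/file.py
@@ -89,7 +89,9 @@ def exists(self, session_key):
             return True
         return False
 
-    def delete(self, session_key):
+    def delete(self, session_key=None):
+        if session_key is None:
+            session_key = self._session_key
         try:
             os.unlink(self._key_to_file(session_key))
         except OSError: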
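--- a/django/contrib/sessions/tests.py
+++ b/django/contrib/sessions/tests.py
@@ -23,6 +23,19 @@
 >>> db_session.exists(db_session.session_key)
 False
 
+>>> db_session['foo'] = 'bar'
+>>> db_session.save()
+>>> db_session.exists(db_session.session_key)
+True
+>>> prev_key = db_session.session_key
+>>> db_session.flush()
+>>> db_session.exists(prev_key)
+False
+>>> db_session.session_key == prev_key
+False
+>>> db_session.modified, db_session.accessed
+(True, True)
+
 >>> file_session = FileSession()
 >>> file_session.modified
 False
@@ -40,6 +53,19 @@
 >>> file_session.exists(file_session.session_key)
 False
 
+>>> file_session['foo'] = 'bar'
+>>> file_session.save()
+>>> file_session.exists(file_session.session_key)
+True
+>>> prev_key = file_session.session_key
+>>> file_session.flush()
+>>> file_session.exists(prev_key)
+False
+>>> file_session.session_key == prev_key
+False
+>>> file_session.modified, file_session.accessed
+(True, True)
+
 # Make sure the file backend checks for a good storage dir
 >>> settings.SESSION_FILE_PATH = "/if/this/directory/exists/you/have/a/weird/computer"
 >>> FileSession()
@@ -61,6 +87,18 @@
 >>> cache_session.delete(cache_session.session_key)
 >>> cache_session.exists(cache_session.session_key)
 False
+>>> cache_session['foo'] = 'bar'
+>>> cache_session.save()
+>>> cache_session.exists(cache_session.session_key)
+True
+>>> prev_key = cache_session.session_key
+>>> cache_session.flush()
+>>> cache_session.exists(prev_key)
+False
+>>> cache_session.session_key == prev_key
+False
+>>> cache_session.modified, cache_session.accessed
+(True, True)
 
 >>> s = SessionBase()
 >>> s._session['some key'] = 'exists' # Pre-populate the session with some data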
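Review bot: The three added `flush()` blocks assert that the old key no longer exists and that the key changed, but none checks that the value stored before the flush is unreachable through the regenerated session, which is the property the documentation promises for logout. After each `flush()` call add a check such as `>>> db_session.get('foo') is None` followed by the expected `True`, and likewise for `file_session` and `cache_session`. This assumes `get()` returns None for a missing key, as the dictionary-style use in base.py suggests.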
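--- a/docs/sessions.txt
+++ b/docs/sessions.txt
@@ -110,6 +110,16 @@ A session object has the following standard dictionary methods:
 
 It also has these methods:
 
+    * ``flush()``
+
+      **New in Django development version**
+
+      Delete the current session data from the database and regenerate the
+      session key value that is sent back to the user in the cookie. This is
+      used if you want to ensure that the previous session data can't be
+      accessed again from the user's browser (for example, the standard
+      ``logout()`` method calls it).
+
     * ``set_test_cookie()``
 
       Sets a test cookie to determine whether the user's browser supports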
