
Implemented a flush() method on sessions that cleans out the session and

regenerates the key. Used to ensure the caller gets a fresh session at logout,
for example.

Based on a patch from mrts. Refs #7515.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 5e8efa9a6032f9c4278199ab354c3ff742387263 1 parent 31ec68c
@malcolmt malcolmt authored
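--- a/django/contrib/sessions/backends/base.py
+++ b/django/contrib/sessions/backends/base.py
@@ -223,6 +223,15 @@ def get_expire_at_browser_close(self):
 return settings.SESSION_EXPIRE_AT_BROWSER_CLOSE
 return self.get('_session_expiry') == 0
+ def flush(self):
+ """
+ Removes the current session data from the database and regenerates the
+ key.
+ """
+ self.clear()
+ self.delete()
+ self.create()
+
 # Methods that child classes must implement.
 def exists(self, session_key):
@@ -247,9 +256,10 @@ def save(self, must_create=False):
 """
 raise NotImplementedError
- def delete(self, session_key):
+ def delete(self, session_key=None):
 """
- Clears out the session data under this key.
+ Deletes the session data under this key. If the key is None, the
+ current session key value is used.
 """
 raise NotImplementedError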
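Review bot: `flush()` calls `self.delete()` with no argument, so a session backend outside this commit that still defines `delete(self, session_key)` would raise a TypeError at logout, before its stored session is removed. The base-class docstring on `delete` should state the requirement, for example `Subclasses must accept session_key=None; flush() calls delete() without a key.` The `flush()` docstring also says "from the database" although the same method serves the cache and file backends changed in this commit; `Removes the current session data from the backing store and regenerates the key.` would be accurate. The enclosing class starts and ends outside both hunks.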
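--- a/django/contrib/sessions/backends/cache.py
+++ b/django/contrib/sessions/backends/cache.py
@@ -39,6 +39,8 @@ def exists(self, session_key):
 return True
 return False
- def delete(self, session_key):
+ def delete(self, session_key=None):
+ if session_key is None:
+ session_key = self._session_key
 self._cache.delete(session_key)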
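Review bot: The new fallback passes `self._session_key` straight to the backend, and nothing in the hunk shows that the attribute is always set; if it can be None for a session that never received a key, `self._cache.delete(None)` is what runs here. The same fallback appears in the db.py and file.py hunks, where `Session.objects.get(session_key=None)` and `self._key_to_file(None)` would run, and the file backend's `except OSError` would not cover any other exception type raised by the path helper. An early exit keeps `flush()` safe on a keyless session: `if session_key is None:` then `if self._session_key is None: return` then `session_key = self._session_key`. The bodies of the db and file `delete` methods continue past their hunks.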
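--- a/django/contrib/sessions/backends/db.py
+++ b/django/contrib/sessions/backends/db.py
@@ -61,7 +61,9 @@ def save(self, must_create=False):
 raise CreateError
 raise
- def delete(self, session_key):
+ def delete(self, session_key=None):
+ if session_key is None:
+ session_key = self._session_key
 try:
 Session.objects.get(session_key=session_key).delete()
 except Session.DoesNotExist: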
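--- a/django/contrib/sessions/backends/file.py
+++ b/django/contrib/sessions/backends/file.py
@@ -89,7 +89,9 @@ def exists(self, session_key):
 return True
 return False
- def delete(self, session_key):
+ def delete(self, session_key=None):
+ if session_key is None:
+ session_key = self._session_key
 try:
 os.unlink(self._key_to_file(session_key))
 except OSError: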
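--- a/django/contrib/sessions/tests.py
+++ b/django/contrib/sessions/tests.py
@@ -23,6 +23,19 @@
 >>> db_session.exists(db_session.session_key)
 False
+>>> db_session['foo'] = 'bar'
+>>> db_session.save()
+>>> db_session.exists(db_session.session_key)
+True
+>>> prev_key = db_session.session_key
+>>> db_session.flush()
+>>> db_session.exists(prev_key)
+False
+>>> db_session.session_key == prev_key
+False
+>>> db_session.modified, db_session.accessed
+(True, True)
+
 >>> file_session = FileSession()
 >>> file_session.modified
 False
@@ -40,6 +53,19 @@
 >>> file_session.exists(file_session.session_key)
 False
+>>> file_session['foo'] = 'bar'
+>>> file_session.save()
+>>> file_session.exists(file_session.session_key)
+True
+>>> prev_key = file_session.session_key
+>>> file_session.flush()
+>>> file_session.exists(prev_key)
+False
+>>> file_session.session_key == prev_key
+False
+>>> file_session.modified, file_session.accessed
+(True, True)
+
 # Make sure the file backend checks for a good storage dir
 >>> settings.SESSION_FILE_PATH = "/if/this/directory/exists/you/have/a/weird/computer"
 >>> FileSession()
@@ -61,6 +87,18 @@
 >>> cache_session.delete(cache_session.session_key)
 >>> cache_session.exists(cache_session.session_key)
 False
+>>> cache_session['foo'] = 'bar'
+>>> cache_session.save()
+>>> cache_session.exists(cache_session.session_key)
+True
+>>> prev_key = cache_session.session_key
+>>> cache_session.flush()
+>>> cache_session.exists(prev_key)
+False
+>>> cache_session.session_key == prev_key
+False
+>>> cache_session.modified, cache_session.accessed
+(True, True)
 >>> s = SessionBase()
 >>> s._session['some key'] = 'exists' # Pre-populate the session with some data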
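Review bot: The three flush() doctests check that the old key is gone and that a new key was issued, but none asserts that the in-memory data was emptied, so a regression that carried `'foo'` over into the new session would still pass. After each `flush()` call, add `>>> db_session.get('foo') is None` with expected output `True`, and the same for `file_session` and `cache_session`. Calling flush() on a session that was never saved is also untested in all three hunks, which is the case where the key-less `delete()` fallback matters most.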
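--- a/docs/sessions.txt
+++ b/docs/sessions.txt
@@ -110,6 +110,16 @@ A session object has the following standard dictionary methods:
 It also has these methods:
+ * ``flush()``
+
+ **New in Django development version**
+
+ Delete the current session data from the database and regenerate the
+ session key value that is sent back to the user in the cookie. This is
+ used if you want to ensure that the previous session data can't be
+ accessed again from the user's browser (for example, the standard
+ ``logout()`` method calls it).
+
 * ``set_test_cookie()``
 Sets a test cookie to determine whether the user's browser supports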