Add a signal and flag for cookieless session saves

README.txt

@@ -30,6 +30,11 @@ As another safety measure, handling of GET requests can be turned off, so that t
 
 Please NOTE: It is not advisable to use this package without some form of the above restrictions being in place. 
 
+For the purposes of using both cookie based and cookieless sessions together, there is a
+custom cookieless_signal and a 'no_cookies' flag when cookieless sessions are saved.
+
+Both cater for hooking up custom code for handling these less secure sessions. 
+
 The package provides a decorator utility to turn off cookie setting for particular views (which also sets the csrf_exempt flag).
 
 The package also handles the case of session handling for anonymous users with cookies disabled in the browser.

cookieless/middleware.py

@@ -1,6 +1,7 @@
 #-*- coding:utf-8 -*-import time
 import re, pdb, time
 
+import django.dispatch
 from django.core.urlresolvers import resolve
 from django.conf import settings
 from django.utils.cache import patch_vary_headers
@@ -12,6 +13,12 @@
 from cookieless.utils import CryptSession
 from cookieless.config import LINKS_RE, DEFAULT_SETTINGS
 
+# Add a signal as a hook for the creation or saving of cookieless sessions
+# since these may need different handling to normal cookie based ones
+# NB: There is the django.contrib.sessions.models.Session model to hook to, 
+#     but creates and saves happen later and for both cookie and cookieless sessions
+cookieless_signal = django.dispatch.Signal() 
+
 class CookielessSessionMiddleware(object):
     """ Django snippets julio carlos and Ivscar 
         http://djangosnippets.org/snippets/1540/
@@ -22,6 +29,7 @@ class CookielessSessionMiddleware(object):
         with 'cookieless.middleware.CookielessSessionMiddleware'
 
         NB: Remember only decorated methods are cookieless
+        cookieless sessions get the no_cookies = True key added
     """
 
     def __init__(self):
@@ -49,8 +57,10 @@ def process_request(self, request):
         name = settings.SESSION_COOKIE_NAME
         session_key = ''
         match = resolve(request.path)
+        no_cookies = False
 
         if match and getattr(match.func, 'no_cookies', False):
+            no_cookies = True
             session_key = self._sesh.decrypt(request, 
                                              request.POST.get(name, None))
             if not session_key and self.settings.get('USE_GET', False):
@@ -72,6 +82,9 @@ def process_request(self, request):
         # If the session_key isn't tied to a session - create a new one
         if not session_key:
             request.session = self.engine.SessionStore() 
+            if no_cookies:
+                request.session['no_cookies'] = True
+                cookieless_signal.send(sender=request, created=True)
             request.session.save()
 
     def process_response(self, request, response):
@@ -89,8 +102,10 @@ def process_response(self, request, response):
                     # - may be attached to a user - so always start a new separate one
                     cookie_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, '')
                     if cookie_key == request.session.session_key:
-                        request.session = self.engine.SessionStore() 
+                        request.session = self.engine.SessionStore()
+                        request.session['no_cookies'] = True
                         request.session.save()
+                        cookieless_signal.send(sender=request, created=True)
                 if self.settings.get('DELETE_COOKIES', False):
                     # Blat any existing cookies
                     for key in request.COOKIES.keys():
@@ -117,8 +132,9 @@ def process_response(self, request, response):
                         max_age = request.session.get_expiry_age()
                         expires_time = time.time() + max_age
                         expires = cookie_date(expires_time)
-                # Save the session data and refresh the client cookie.
+                # Save the session data and fire a custom signal
                 request.session.save()
+                cookieless_signal.send(sender=request, created=False)
             return response
         else:
             return self.standard_session.process_response(request, response)

docs/HISTORY.txt

@@ -1,6 +1,12 @@
 Changelog
 =========
 
+0.7 - 22nd November 2012
+------------------------
+
+- Add a cookieless_signal to allow custom code to be hooked to cookieless sessions
+- Add a no_cookies marker key to cookieless sessions for the same reason
+
 0.6 - 21st November 2012
 ------------------------