Skip to content
Browse files

Trated POST for GET ajax

  • Loading branch information...
1 parent cf2aa92 commit 85c6eae0d7bba400e664863207f595b1b04c6929 @jpic jpic committed Feb 19, 2013
View
6 session_security/middleware.py
@@ -40,16 +40,16 @@ def process_request(self, request):
def update_last_activity(self, request, now):
"""
- If ``request.POST['idleFor']`` is set, check if it refers to a more
+ If ``request.GET['idleFor']`` is set, check if it refers to a more
recent activity than ``request.session['_session_security']`` and
update it in this case.
"""
request.session.setdefault('_session_security', now)
last_activity = request.session['_session_security']
server_idle_for = (now - last_activity).seconds
- if 'idleFor' in request.POST:
- client_idle_for = int(request.POST['idleFor'])
+ if 'idleFor' in request.GET:
+ client_idle_for = int(request.GET['idleFor'])
if client_idle_for < server_idle_for:
# Client has more recent activity than we have in the session
View
2 session_security/static/session_security/script.js
@@ -73,7 +73,7 @@ yourlabs.SessionSecurity.prototype = {
// confidential data !!
error: $.proxy(this.apply, this),
dataType: 'json',
- type: 'post',
+ type: 'get',
});
},
View
47 session_security/templates/session_security/all.html
@@ -22,55 +22,8 @@
{# Load SessionSecurity javascript 'class', jquery should be loaded - by you - at this point #}
<script type="text/javascript" src="{{ STATIC_URL }}session_security/script.js"></script>
- {% csrf_token %}
-
{# Bootstrap a SessionSecurity instance as the sessionSecurity global variable #}
<script type="text/javascript">
- function getCookie(name) {
- var cookieValue = null;
- if (document.cookie && document.cookie != '') {
- var cookies = document.cookie.split(';');
- for (var i = 0; i < cookies.length; i++) {
- var cookie = jQuery.trim(cookies[i]);
- // Does this cookie string begin with the name we want?
- if (cookie.substring(0, name.length + 1) == (name + '=')) {
- cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
- break;
- }
- }
- }
- return cookieValue;
- }
- var csrftoken = getCookie('csrftoken');
-
- function csrfSafeMethod(method) {
- // these HTTP methods do not require CSRF protection
- return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
- }
- function sameOrigin(url) {
- // test that a given url is a same-origin URL
- // url could be relative or scheme relative or absolute
- var host = document.location.host; // host + port
- var protocol = document.location.protocol;
- var sr_origin = '//' + host;
- var origin = protocol + sr_origin;
- // Allow absolute or scheme relative URLs to same origin
- return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||
- (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||
- // or any other URL that isn't scheme relative or absolute i.e relative.
- !(/^(\/\/|http:|https:).*/.test(url));
- }
- $.ajaxSetup({
- beforeSend: function(xhr, settings) {
- if (!csrfSafeMethod(settings.type) && sameOrigin(settings.url)) {
- // Send the token to same-origin, relative URLs only.
- // Send the token only if the method warrants CSRF protection
- // Using the CSRFToken value acquired earlier
- xhr.setRequestHeader("X-CSRFToken", csrftoken);
- }
- }
- });
-
var sessionSecurity = new yourlabs.SessionSecurity({
pingUrl: '{% url 'session_security_ping' %}',
warnAfter: {{ request|warn_after }},
View
2 session_security/tests/middleware.py
@@ -32,7 +32,7 @@ def test_javascript_activity_no_logout(self):
self.client.login(username='test', password='test')
response = self.client.get('/admin/')
time.sleep(8)
- response = self.client.post('/session_security/ping/', {'idleFor': '1'})
+ response = self.client.get('/session_security/ping/?idleFor=1')
self.assertTrue('_auth_user_id' in self.client.session)
time.sleep(4)
response = self.client.get('/admin/')
View
5 session_security/tests/views.py
@@ -14,7 +14,7 @@ def setUp(self):
def test_anonymous(self):
self.client.logout()
self.client.get('/admin/')
- response = self.client.post('/session_security/ping/', {'inactiveFor': '1'})
+ response = self.client.get('/session_security/ping/?idleFor=1')
self.assertEqual(response.content, 'logout')
ping_provider = lambda: (
@@ -33,7 +33,8 @@ def test_ping(self, server, client, expected, authenticated=True):
session = self.client.session
session['_session_security'] = now - timedelta(seconds=server)
session.save()
- response = self.client.post('/session_security/ping/', {'idleFor': client})
+ response = self.client.get('/session_security/ping/?idleFor=%s' %
+ client)
self.assertEqual(response.content, expected)
self.assertEqual(authenticated, '_auth_user_id' in self.client.session)
View
2 session_security/views.py
@@ -16,7 +16,7 @@ class PingView(generic.View):
'real last activity' that is maintained in the session by the middleware.
"""
- def post(self, request, *args, **kwargs):
+ def get(self, request, *args, **kwargs):
if '_session_security' not in request.session:
# It probably has expired already
return http.HttpResponse('logout')

0 comments on commit 85c6eae

Please sign in to comment.
Something went wrong with that request. Please try again.