summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJon Dufresne <jon.dufresne@gmail.com>2016-06-21 08:03:25 -0700
committerTim Graham <timograham@gmail.com>2016-06-21 11:03:40 -0400
commite725a68bcce4106fa3e1e8ecb0145ddef03d9005 (patch)
tree89e03a2f84710c7afe63d426f65a6ba0d690206c
parentb1592dd73b47d81e8a8f5e585827fccde015c7c2 (diff)
[1.10.x] Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using SESSION_COOKIE_PATH.
Backport of d13881bd34ff8f76b902ef5256001341d60b3161 from master
-rw-r--r--django/contrib/sessions/middleware.py6
-rw-r--r--tests/sessions_tests/tests.py11
2 files changed, 11 insertions, 6 deletions
diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py
index 4871b48075..5aaff43426 100644
--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@@ -35,7 +35,11 @@ class SessionMiddleware(MiddlewareMixin):
# First check if we need to delete this cookie.
# The session should be deleted only if the session is entirely empty
if settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
- response.delete_cookie(settings.SESSION_COOKIE_NAME, domain=settings.SESSION_COOKIE_DOMAIN)
+ response.delete_cookie(
+ settings.SESSION_COOKIE_NAME,
+ path=settings.SESSION_COOKIE_PATH,
+ domain=settings.SESSION_COOKIE_DOMAIN,
+ )
else:
if accessed:
patch_vary_headers(response, ('Cookie',))
diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py
index 3975d57c4c..dbba1235b5 100644
--- a/tests/sessions_tests/tests.py
+++ b/tests/sessions_tests/tests.py
@@ -746,8 +746,8 @@ class SessionMiddlewareTests(TestCase):
str(response.cookies[settings.SESSION_COOKIE_NAME])
)
- @override_settings(SESSION_COOKIE_DOMAIN='.example.local')
- def test_session_delete_on_end_with_custom_domain(self):
+ @override_settings(SESSION_COOKIE_DOMAIN='.example.local', SESSION_COOKIE_PATH='/example/')
+ def test_session_delete_on_end_with_custom_domain_and_path(self):
request = RequestFactory().get('/')
response = HttpResponse('Session test')
middleware = SessionMiddleware()
@@ -763,12 +763,13 @@ class SessionMiddlewareTests(TestCase):
response = middleware.process_response(request, response)
# Check that the cookie was deleted, not recreated.
- # A deleted cookie header with a custom domain looks like:
+ # A deleted cookie header with a custom domain and path looks like:
# Set-Cookie: sessionid=; Domain=.example.local;
- # expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
+ # expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0;
+ # Path=/example/
self.assertEqual(
'Set-Cookie: {}={}; Domain=.example.local; expires=Thu, '
- '01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/'.format(
+ '01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/example/'.format(
settings.SESSION_COOKIE_NAME,
'""' if sys.version_info >= (3, 5) else '',
),