summaryrefslogtreecommitdiff
path: root/django/contrib/sessions/backends/db.py
AgeCommit message (Collapse)Author
2024-03-13Fixed #34901 -- Added async-compatible interface to session engines.Jon Janzen
Thanks Andrew-Chen-Wang for the initial implementation which was posted to the Django forum thread about asyncifying contrib modules.
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2017-12-08Made session loading in cached_db engine more DRY.Jozef
2017-04-27Refs #27795 -- Replaced many force_text() with str()Claude Paroz
Thanks Tim Graham for the review.
2017-02-04Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257.Anton Samarchyan
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2016-04-08Fixed E128 flake8 warnings in django/.Tim Graham
2016-02-26Fixed #21608 -- Prevented logged out sessions being resurrected by ↵Tore Lundqvist
concurrent requests. Thanks Simon Charette for the review.
2015-08-27Fixed #22634 -- Made the database-backed session backends more extensible.Sergey Kolosov
Introduced an AbstractBaseSession model and hooks providing the option of overriding the model class used by the session store and the session store class used by the model.
2015-07-08Fixed #19324 -- Avoided creating a session record when loading the session.Carl Meyer
The session record is now only created if/when the session is modified. This prevents a potential DoS via creation of many empty session records. This is a security fix; disclosure to follow shortly.
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2013-11-02More attacking E302 violatorsAlex Gaynor
2013-09-30Fixed #21134 -- Prevented queries in broken transactions.Aymeric Augustin
Squashed commit of the following: commit 63ddb271a44df389b2c302e421fc17b7f0529755 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sun Sep 29 22:51:00 2013 +0200 Clarified interactions between atomic and exceptions. commit 2899ec299228217c876ba3aa4024e523a41c8504 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sun Sep 22 22:45:32 2013 +0200 Fixed TransactionManagementError in tests. Previous commit introduced an additional check to prevent running queries in transactions that will be rolled back, which triggered a few failures in the tests. In practice using transaction.atomic instead of the low-level savepoint APIs was enough to fix the problems. commit 4a639b059ea80aeb78f7f160a7d4b9f609b9c238 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Sep 24 22:24:17 2013 +0200 Allowed nesting constraint_checks_disabled inside atomic. Since MySQL handles transactions loosely, this isn't a problem. commit 2a4ab1cb6e83391ff7e25d08479e230ca564bfef Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sat Sep 21 18:43:12 2013 +0200 Prevented running queries in transactions that will be rolled back. This avoids a counter-intuitive behavior in an edge case on databases with non-atomic transaction semantics. It prevents using savepoint_rollback() inside an atomic block without calling set_rollback(False) first, which is backwards-incompatible in tests. Refs #21134. commit 8e3db393853c7ac64a445b66e57f3620a3fde7b0 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Sun Sep 22 22:14:17 2013 +0200 Replaced manual savepoints by atomic blocks. This ensures the rollback flag is handled consistently in internal APIs.
2013-05-25Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.Preston Holmes
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2013-03-11Deprecated transaction.commit/rollback_unless_managed.Aymeric Augustin
Since "unless managed" now means "if database-level autocommit", committing or rolling back doesn't have any effect. Restored transactional integrity in a few places that relied on automatically-started transactions with a transitory API.
2012-10-28Fixed #18194 -- Expiration of file-based sessionsAymeric Augustin
* Prevented stale session files from being loaded * Added removal of stale session files in django-admin.py clearsessions Thanks ej for the report, crodjer and Elvard for their inputs.
2012-10-27Fixed #19200 -- Session expiry with cached_dbAymeric Augustin
Also did a little bit of cleanup.
2012-08-12[py3] Fix encoding issues in contrib.sessionsClaude Paroz
2012-08-07[py3] Ported django.utils.encoding.Aymeric Augustin
* Renamed smart_unicode to smart_text (but kept the old name under Python 2 for backwards compatibility). * Renamed smart_str to smart_bytes. * Re-introduced smart_str as an alias for smart_text under Python 3 and smart_bytes under Python 2 (which is backwards compatible). Thus smart_str always returns a str objects. * Used the new smart_str in a few places where both Python 2 and 3 want a str.
2012-01-24Fixed #17506 -- Did a minor optimization in the sessions' database backend. ↵Julien Phalip
Thanks to FunkyBob for the report and patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17390 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-27Fixed #11555 -- Made SessionBase.session_key read-only. Cleaned up code ↵Aymeric Augustin
slightly. Refs #13478. This also removes the implicit initialization of the session key on the first access in favor of explicit initialization. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17155 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-11-20Upgraded django.contrib.sessions to be compatible with time zone support.Aymeric Augustin
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-13Fixed #16225 -- Removed unused imports. Many thanks to Aymeric Augustin for ↵Jannis Leidel
the work on the patch and Alex for reviewing. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16539 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-14Fixed potential circular import problem.Luke Plant
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14564 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-25Fixed #13200 -- Updated the DB session backend to make full use of routers, ↵Russell Keith-Magee
deprecating the need for the SESSION_DB_ALIAS setting. Thanks to rokclimb15 for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12844 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-22Fixed #1142 -- Added multiple database support.Russell Keith-Magee
This monster of a patch is the result of Alex Gaynor's 2009 Google Summer of Code project. Congratulations to Alex for a job well done. Big thanks also go to: * Justin Bronn for keeping GIS in line with the changes, * Karen Tracey and Jani Tiainen for their help testing Oracle support * Brett Hoerner, Jon Loyens, and Craig Kimmerer for their feedback. * Malcolm Treddinick for his guidance during the GSoC submission process. * Simon Willison for driving the original design process * Cal Henderson for complaining about ponies he wanted. ... and everyone else too numerous to mention that helped to bring this feature into fruition. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11952 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23Avoid a crash when unencoding session data for the db backend. This is requiredMalcolm Tredinnick
because some configurations of MySQL (with utf8_bin collation) will return bytestring, rather than unicode data, which was causing problems previously. Refs #8340. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8507 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-15Made a few small tweaks to reduce persistent storage accesses in the sessionMalcolm Tredinnick
backend. Refs #8311, although doesn't fix the problem there. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8381 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14Fixed #8314 -- Fixed an infinite loop caused when submitting a session key (viaMalcolm Tredinnick
a cookie) with no corresponding entry in the database. This only affected the database backend, but I've applied the same fix to all three backends for robustness. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8351 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14Implemented a flush() method on sessions that cleans out the session andMalcolm Tredinnick
regenerates the key. Used to ensure the caller gets a fresh session at logout, for example. Based on a patch from mrts. Refs #7515. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-14Added guaranteed atomic creation of new session objects. Slightly backwardsMalcolm Tredinnick
incompatible for custom session backends. Whilst we were in the neighbourhood, use a larger range of session key values to save a small amount of time and use the hardware-base random numbers where available (transparently falls back to pseudo-RNG otherwise). Fixed #1080 git-svn-id: http://code.djangoproject.com/svn/django/trunk@8340 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-22Fixed #7847 -- Removed a whole bunch of unused imports from throughout the ↵Adrian Holovaty
codebase. Thanks, julien git-svn-id: http://code.djangoproject.com/svn/django/trunk@8046 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-23Several Django styling fixes in the `contrib.sessions` app.Gary Wilson Jr
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7725 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-06-07Fixed #2548: added get/set_expiry methods to session objects. Thanks, Amit ↵Jacob Kaplan-Moss
Upadhyay and SmileyChris. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7586 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-01-06Fixed a subtle corner case whereby sending a bad session ID generates new ↵Malcolm Tredinnick
(unused) session entries in the database table. git-svn-id: http://code.djangoproject.com/svn/django/trunk@7001 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-15Fixed #2066: session data can now be stored in the cache or on the ↵Jacob Kaplan-Moss
filesystem. This should be fully backwards-compatible (the database cache store is still the default). A big thanks to John D'Agostino for the bulk of this code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6333 bcc190cf-cafb-0310-a4f2-bffc1f526a37