summaryrefslogtreecommitdiff
path: root/django/contrib/sessions/backends/file.py
AgeCommit message (Collapse)Author
2025-07-23Removed double spaces after periods and within phrases.Sarah Boyce
2025-02-18Refs #36005 -- Used datetime.UTC alias instead of datetime.timezone.utc.Mariusz Felisiak
datetime.UTC was added in Python 3.11.
2024-03-13Fixed #34901 -- Added async-compatible interface to session engines.Jon Janzen
Thanks Andrew-Chen-Wang for the initial implementation which was posted to the Django forum thread about asyncifying contrib modules.
2024-03-12Removed unused clean() method in file-based session.Mariusz Felisiak
Unused since its introduction in bcf7e9a9fe037eff4d5dea0cdd8c35104590e1a8.
2023-01-18Refs #34233 -- Used str.removeprefix()/removesuffix().Mariusz Felisiak
2022-03-24Refs #32365 -- Removed internal uses of utils.timezone.utc alias.Carlton Gibson
Remaining test case ensures that uses of the alias are mapped canonically by the migration writer.
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-05-12Fixed #32366 -- Updated datetime module usage to recommended approach.Nick Pope
- Replaced datetime.utcnow() with datetime.now(). - Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp(). - Replaced datetime.utctimetuple() with datetime.timetuple(). - Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2019-05-21Fixed #28763 -- Allowed overriding the session cookie age with ↵Hasan Ramezani
SessionStore.get_session_cookie_age().
2019-02-06Removed unnecessary type() calls for class methods.Jon Dufresne
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-27Removed default mode='r' argument from calls to open().Jon Dufresne
2018-10-03Refs #27795 -- Removed force_bytes() usage in sessions.Jon Dufresne
SessionBase.decode() is the inverse operation to SessionBase.encode(). As SessionBase.encode() always returns a string, SessionBase.decode() should always be passed a string argument. Fixed the file backend, which was the only backend still passing a bytestring.
2018-06-28Fixed #29514 -- Reverted "Used datetime.timezone.utc instead of pytz.utc for ↵Tim Graham
better performance." This reverts commit 27ca5ce19f5f184018a61611c1bc319113b1d107 due to a regression.
2018-03-20Used datetime.timezone.utc instead of pytz.utc for better performance.Sergey Fedoseev
2018-01-12Fixed #28996 -- Simplified some boolean constructs and removed trivial ↵Дилян Палаузов
continue statements.
2018-01-03Fixed #28982 -- Simplified code with and/or.Дилян Палаузов
2017-11-07Fixed #28769 -- Replaced 'x if x else y' with 'x or y'.Дилян Палаузов
2017-09-07Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."Tim Graham
This reverts commit 550cb3a365dee4edfdd1563224d5304de2a57fda because try/except performs better.
2017-07-29Avoided creation of temporary sets.Sergey Fedoseev
2017-06-28Fixed #27818 -- Replaced try/except/pass with contextlib.suppress().Mads Jensen
2017-04-27Refs #27795 -- Replaced many force_text() with str()Claude Paroz
Thanks Tim Graham for the review.
2017-02-04Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257.Anton Samarchyan
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-25Refs #23919 -- Replaced errno checking with PEP 3151 exceptions.Tim Graham
2016-04-08Fixed E128 flake8 warnings in django/.Tim Graham
2016-02-26Fixed #21608 -- Prevented logged out sessions being resurrected by ↵Tore Lundqvist
concurrent requests. Thanks Simon Charette for the review.
2015-10-17Fixed #25558 -- Fixed nondeterministic test failure on Windows: ↵Brian Gianforcaro
test_clearsessions_command. The test session without an expiration date added in refs #22938 wasn't always deleted on Windows because get_expiry_age() returns zero and the file backend didn't consider that an expired session.
2015-10-03Fixed #22938 -- Allowed clearsessions to remove file-based sessions.Aleksandra Tarkowska
2015-07-08Fixed #19324 -- Avoided creating a session record when loading the session.Carl Meyer
The session record is now only created if/when the session is modified. This prevents a potential DoS via creation of many empty session records. This is a security fix; disclosure to follow shortly.
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2013-11-02More attacking E302 violatorsAlex Gaynor
2013-05-25Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.Preston Holmes
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2013-05-19Fix #19664 -- Illegal Characters In Session Key Give Fatal Error On File ↵Erik Romijn
Backend Only
2013-02-24Fixed #9084 - Best approach for an OS to atomically rename the session file.Joeri Bekker
2012-11-29Fixed #19356 -- Increased session key entropy.Aymeric Augustin
2012-11-06Fixed #19254 -- Bug in SESSION_FILE_PATH handling.Aymeric Augustin
Thanks simonb for the report. Refs #18194.
2012-10-28Fixed #18194 -- Expiration of file-based sessionsAymeric Augustin
* Prevented stale session files from being loaded * Added removal of stale session files in django-admin.py clearsessions Thanks ej for the report, crodjer and Elvard for their inputs.
2012-08-15Removed unneeded smart_bytes import which was introduced in f2fff84bc.Florian Apolloner
2012-08-15[py3] fixed session file backend.Florian Apolloner
2012-05-05Made more extensive usage of context managers with open.Claude Paroz
2012-04-29Fixed #18013 -- Use the new 'as' syntax for exceptions.Claude Paroz
Thanks Clueless for the initial patch. Note that unittest has been purposely left out (external package only used by Python 2.6).
2011-11-27Fixed #11555 -- Made SessionBase.session_key read-only. Cleaned up code ↵Aymeric Augustin
slightly. Refs #13478. This also removes the implicit initialization of the session key on the first access in favor of explicit initialization. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17155 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-09Replaced `has_key()` calls with `in` to ease Python 3 port. Thanks, Martin ↵Jannis Leidel
von Löwis. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16740 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09Fixed a security issue in the file session backend. Disclosure and new ↵Alex Gaynor
release forthcoming. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15467 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-05Converted sessions tests from doctest to unittest.Luke Plant
Also made the FileSession backend consistent with other backends in one corner case uncovered by the conversion, namely that the backend should create a new key if the one passed in is invalid. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13482 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-01Fixed a small oversight in [8750]; thanks for the sharp eyes, Warren. Fixes ↵Jacob Kaplan-Moss
#8616. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8812 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-30Fixed #8616 (again): prevent a race condition in the session file backend. ↵Jacob Kaplan-Moss
Many thanks to Warren Smith for help and the eventual fix. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8750 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29Reverted #8688 for now, since it merely introduced different bugs, rather thanMalcolm Tredinnick
fixing the problem. We have a plan B (and plan C, if needed), so this will be fixed in a different way. Refs #8616. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8707 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-29Fixed #8616 -- Fixed a race condition in the file-based session backend.Malcolm Tredinnick
Thanks to warren@wandrsmith.net for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8688 bcc190cf-cafb-0310-a4f2-bffc1f526a37