| Age | Commit message (Collapse) | Author |
|
|
|
SessionBase.decode() is the inverse operation to SessionBase.encode().
As SessionBase.encode() always returns a string, SessionBase.decode()
should always be passed a string argument. Fixed the file backend, which
was the only backend still passing a bytestring.
|
|
Thanks Tim Graham for the review.
|
|
Thanks Alex Gaynor for contributing to the patch.
|
|
|
|
|
|
|
|
|
|
|
|
is None.
|
|
Thanks Tim Graham for the review.
|
|
|
|
|
|
|
|
These methods only work on Python 2.
|
|
|
|
Thanks Tim Graham for the review.
|
|
|
|
SuspiciousOperation.
|
|
|
|
Also removed try/except/fail antipattern that hides exceptions.
|
|
SESSION_COOKIE_PATH.
|
|
|
|
KeyError.
|
|
|
|
|
|
The bug was introduced commit 3389c5ea229884a1943873fe7e7ffc2800cefc22.
|
|
concurrent requests.
Thanks Simon Charette for the review.
|
|
Made SessionTestsMixin backend agnostic and removed code obsoleted by the test
discovery refactor.
|
|
|
|
|
|
|
|
|
|
Introduced an AbstractBaseSession model and hooks providing the option
of overriding the model class used by the session store and the session
store class used by the model.
|
|
|
|
Thanks Florian Apolloner and Carl Meyer for review.
This is a security fix.
|
|
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.
This is a security fix; disclosure to follow shortly.
|
|
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
|
|
This is a security fix; disclosure to follow shortly.
Thanks Sam Cooke for the report and draft patch.
|
|
|
|
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02
|
|
exceptions.
|
|
|