| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-07-16 | [3.1.x] Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵ | Mariusz Felisiak | |
| HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 240cbb63bf9965c63d7a3cc9032f91410f414d46 from master | |||
| 2020-03-02 | Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode(). | Claude Paroz | |
| Thanks Mariusz Felisiak and Florian Apolloner for the reviews. | |||
| 2020-02-18 | Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵ | Claude Paroz | |
| classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2019-11-07 | Refs #29983 -- Added support for using pathlib.Path in all settings. | Jon Dufresne | |
| 2019-05-21 | Fixed #28763 -- Allowed overriding the session cookie age with ↵ | Hasan Ramezani | |
| SessionStore.get_session_cookie_age(). | |||
| 2019-03-21 | Fixed #29471 -- Added 'Vary: Cookie' to invalid/empty session cookie responses. | birthdaysgift | |
| 2019-01-28 | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | |
| Used more specific errors (e.g. FileExistsError) as appropriate. | |||
| 2018-11-27 | Made reused RequestFactory instances class attributes. | Simon Charette | |
| 2018-10-03 | Refs #27795 -- Removed force_bytes() usage in sessions. | Jon Dufresne | |
| SessionBase.decode() is the inverse operation to SessionBase.encode(). As SessionBase.encode() always returns a string, SessionBase.decode() should always be passed a string argument. Fixed the file backend, which was the only backend still passing a bytestring. | |||
| 2018-05-07 | Replaced django.test.utils.patch_logger() with assertLogs(). | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2018-04-13 | Fixed #27863 -- Added support for the SameSite cookie flag. | Alex Gaynor | |
| Thanks Alex Gaynor for contributing to the patch. | |||
| 2018-03-16 | Fixed hanging indentation in various code. | Mariusz Felisiak | |
| 2018-01-02 | Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231. | Alexey | |
| 2017-09-25 | Fixed #27857 -- Dropped support for Python 3.4. | Tim Graham | |
| 2017-06-01 | Sorted imports per isort 4.2.9. | Tim Graham | |
| 2017-05-03 | Converted sessions_tests to use assertIs() rather than assertTrue/False(). | Tim Graham | |
| 2017-05-03 | Fixed #28167 -- Fixed cache backend's SessionStore.exists() if session_key ↵ | Tim Graham | |
| is None. | |||
| 2017-04-18 | Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests. | Mariusz Felisiak | |
| Thanks Tim Graham for the review. | |||
| 2017-04-17 | Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data. | InvalidInterrupt | |
| 2017-01-25 | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | |
| 2017-01-24 | Removed unneeded force_text calls in the test suite | Claude Paroz | |
| 2017-01-19 | Refs #23919 -- Removed SessionBase.iterkeys(), itervalues(), iteritems(). | Srinivas Reddy Thatiparthy | |
| These methods only work on Python 2. | |||
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | |
| 2017-01-18 | Refs #23919 -- Removed most of remaining six usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | |
| 2016-11-01 | Fixed #27363 -- Replaced unsafe redirect in SessionMiddleware with ↵ | Andrew Nester | |
| SuspiciousOperation. | |||
| 2016-08-08 | Fixed #26764 -- Fixed Session.cycle_key() crash on unaccessed session. | Adam Zapletal | |
| 2016-06-28 | Replaced use of TestCase.fail() with assertRaises(). | Tim Graham | |
| Also removed try/except/fail antipattern that hides exceptions. | |||
| 2016-06-21 | Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using ↵ | Jon Dufresne | |
| SESSION_COOKIE_PATH. | |||
| 2016-06-16 | Fixed #26747 -- Used more specific assertions in the Django test suite. | Jon Dufresne | |
| 2016-04-20 | Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a ↵ | Tobias Kroenke | |
| KeyError. | |||
| 2016-04-20 | Refs #24621 -- Added a test for SessionBase.pop()'s 'default' argument. | Nicolas Noé | |
| 2016-04-08 | Fixed E128 flake8 warnings in tests/. | Tim Graham | |
| 2016-04-04 | Refs #21608 -- Fixed incorrect cache key in cache session backend's save(). | Jon Dufresne | |
| The bug was introduced commit 3389c5ea229884a1943873fe7e7ffc2800cefc22. | |||
| 2016-02-26 | Fixed #21608 -- Prevented logged out sessions being resurrected by ↵ | Tore Lundqvist | |
| concurrent requests. Thanks Simon Charette for the review. | |||
| 2016-02-26 | Cleaned up session backends tests. | Simon Charette | |
| Made SessionTestsMixin backend agnostic and removed code obsoleted by the test discovery refactor. | |||
| 2016-02-04 | Stopped registering the sessions tests models to the sessions app. | Simon Charette | |
| 2016-01-29 | Refs #26022 -- Used context manager version of assertRaises in tests. | Hasan | |
| 2015-10-20 | Fixed quad quoted ("""") docstring starts. | John Vandenberg | |
| 2015-10-03 | Fixed #22938 -- Allowed clearsessions to remove file-based sessions. | Aleksandra Tarkowska | |
| 2015-08-27 | Fixed #22634 -- Made the database-backed session backends more extensible. | Sergey Kolosov | |
| Introduced an AbstractBaseSession model and hooks providing the option of overriding the model class used by the session store and the session store class used by the model. | |||
| 2015-08-20 | Added a test to ensure empty sessions are saved. | Tim Graham | |
| 2015-08-18 | Fixed DoS possiblity in contrib.auth.views.logout() | Tim Graham | |
| Thanks Florian Apolloner and Carl Meyer for review. This is a security fix. | |||
| 2015-07-08 | Fixed #19324 -- Avoided creating a session record when loading the session. | Carl Meyer | |
| The session record is now only created if/when the session is modified. This prevents a potential DoS via creation of many empty session records. This is a security fix; disclosure to follow shortly. | |||
| 2015-06-06 | Fixed #24915 -- Added stricter session key validation | David Bannon | |
| Changed _session_key attribute to a property and implemented basic validation in the setter. The session key must be 'truthy' and at least 8 characters long. Otherwise, the value is set to None. | |||
| 2015-05-20 | Fixed incorrect session.flush() in cached_db session backend. | Tim Graham | |
| This is a security fix; disclosure to follow shortly. Thanks Sam Cooke for the report and draft patch. | |||
| 2015-05-15 | Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN | Bo Lopker | |
| 2015-03-31 | Fixed sessions test on Python 3.5; refs #23763. | Tim Graham | |
| SimpleCookie.__repr__() changed in https://hg.python.org/cpython/rev/88e1151e8e02 | |||
| 2015-03-12 | Fixed #24468 -- Made signed cookies cache backend resilient to unpickling ↵ | Tim Graham | |
| exceptions. | |||
| 2015-02-11 | Moved contrib.sessions tests out of contrib. | Tim Graham | |
