summaryrefslogtreecommitdiff
path: root/tests/sessions_tests
AgeCommit message (Collapse)Author
2020-12-28Fixed #32301 -- Made clearsessions raise CommandError when clear_expired() ↵François Freitag
is not implemented.
2020-09-14Fixed #31789 -- Added a new headers interface to HttpResponse.Tom Carrick
2020-09-09Fixed #31962 -- Made SessionMiddleware raise SessionInterrupted when session ↵Hasan Ramezani
destroyed while request is processing.
2020-08-19Fixed #31895 -- Fixed crash when decoding invalid session data.Mariusz Felisiak
Thanks Matt Hegarty for the report. Regression in d4fff711d4c97356bd6ba1273d2a5e349326eb5f.
2020-08-07Fixed #31864 -- Fixed encoding session data during transition to Django 3.1.Mariusz Felisiak
Thanks אורי for the report.
2020-07-16Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵Mariusz Felisiak
HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies.
2020-03-02Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode().Claude Paroz
Thanks Mariusz Felisiak and Florian Apolloner for the reviews.
2020-02-18Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵Claude Paroz
classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-11-07Refs #29983 -- Added support for using pathlib.Path in all settings.Jon Dufresne
2019-05-21Fixed #28763 -- Allowed overriding the session cookie age with ↵Hasan Ramezani
SessionStore.get_session_cookie_age().
2019-03-21Fixed #29471 -- Added 'Vary: Cookie' to invalid/empty session cookie responses.birthdaysgift
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
Used more specific errors (e.g. FileExistsError) as appropriate.
2018-11-27Made reused RequestFactory instances class attributes.Simon Charette
2018-10-03Refs #27795 -- Removed force_bytes() usage in sessions.Jon Dufresne
SessionBase.decode() is the inverse operation to SessionBase.encode(). As SessionBase.encode() always returns a string, SessionBase.decode() should always be passed a string argument. Fixed the file backend, which was the only backend still passing a bytestring.
2018-05-07Replaced django.test.utils.patch_logger() with assertLogs().Claude Paroz
Thanks Tim Graham for the review.
2018-04-13Fixed #27863 -- Added support for the SameSite cookie flag.Alex Gaynor
Thanks Alex Gaynor for contributing to the patch.
2018-03-16Fixed hanging indentation in various code.Mariusz Felisiak
2018-01-02Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.Alexey
2017-09-25Fixed #27857 -- Dropped support for Python 3.4.Tim Graham
2017-06-01Sorted imports per isort 4.2.9.Tim Graham
2017-05-03Converted sessions_tests to use assertIs() rather than assertTrue/False().Tim Graham
2017-05-03Fixed #28167 -- Fixed cache backend's SessionStore.exists() if session_key ↵Tim Graham
is None.
2017-04-18Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests.Mariusz Felisiak
Thanks Tim Graham for the review.
2017-04-17Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data.InvalidInterrupt
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-24Removed unneeded force_text calls in the test suiteClaude Paroz
2017-01-19Refs #23919 -- Removed SessionBase.iterkeys(), itervalues(), iteritems().Srinivas Reddy Thatiparthy
These methods only work on Python 2.
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2016-11-10Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.za
2016-11-01Fixed #27363 -- Replaced unsafe redirect in SessionMiddleware with ↵Andrew Nester
SuspiciousOperation.
2016-08-08Fixed #26764 -- Fixed Session.cycle_key() crash on unaccessed session.Adam Zapletal
2016-06-28Replaced use of TestCase.fail() with assertRaises().Tim Graham
Also removed try/except/fail antipattern that hides exceptions.
2016-06-21Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using ↵Jon Dufresne
SESSION_COOKIE_PATH.
2016-06-16Fixed #26747 -- Used more specific assertions in the Django test suite.Jon Dufresne
2016-04-20Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a ↵Tobias Kroenke
KeyError.
2016-04-20Refs #24621 -- Added a test for SessionBase.pop()'s 'default' argument.Nicolas Noé
2016-04-08Fixed E128 flake8 warnings in tests/.Tim Graham
2016-04-04Refs #21608 -- Fixed incorrect cache key in cache session backend's save().Jon Dufresne
The bug was introduced commit 3389c5ea229884a1943873fe7e7ffc2800cefc22.
2016-02-26Fixed #21608 -- Prevented logged out sessions being resurrected by ↵Tore Lundqvist
concurrent requests. Thanks Simon Charette for the review.
2016-02-26Cleaned up session backends tests.Simon Charette
Made SessionTestsMixin backend agnostic and removed code obsoleted by the test discovery refactor.
2016-02-04Stopped registering the sessions tests models to the sessions app.Simon Charette
2016-01-29Refs #26022 -- Used context manager version of assertRaises in tests.Hasan
2015-10-20Fixed quad quoted ("""") docstring starts.John Vandenberg
2015-10-03Fixed #22938 -- Allowed clearsessions to remove file-based sessions.Aleksandra Tarkowska
2015-08-27Fixed #22634 -- Made the database-backed session backends more extensible.Sergey Kolosov
Introduced an AbstractBaseSession model and hooks providing the option of overriding the model class used by the session store and the session store class used by the model.
2015-08-20Added a test to ensure empty sessions are saved.Tim Graham
2015-08-18Fixed DoS possiblity in contrib.auth.views.logout()Tim Graham
Thanks Florian Apolloner and Carl Meyer for review. This is a security fix.
2015-07-08Fixed #19324 -- Avoided creating a session record when loading the session.Carl Meyer
The session record is now only created if/when the session is modified. This prevents a potential DoS via creation of many empty session records. This is a security fix; disclosure to follow shortly.
2015-06-06Fixed #24915 -- Added stricter session key validationDavid Bannon
Changed _session_key attribute to a property and implemented basic validation in the setter. The session key must be 'truthy' and at least 8 characters long. Otherwise, the value is set to None.