| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-12-28 | Fixed #32301 -- Made clearsessions raise CommandError when clear_expired() ↵ | François Freitag | |
| is not implemented. | |||
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-09-09 | Fixed #31962 -- Made SessionMiddleware raise SessionInterrupted when session ↵ | Hasan Ramezani | |
| destroyed while request is processing. | |||
| 2020-08-19 | Fixed #31895 -- Fixed crash when decoding invalid session data. | Mariusz Felisiak | |
| Thanks Matt Hegarty for the report. Regression in d4fff711d4c97356bd6ba1273d2a5e349326eb5f. | |||
| 2020-08-07 | Fixed #31864 -- Fixed encoding session data during transition to Django 3.1. | Mariusz Felisiak | |
| Thanks אורי for the report. | |||
| 2020-07-16 | Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵ | Mariusz Felisiak | |
| HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. | |||
| 2020-03-02 | Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode(). | Claude Paroz | |
| Thanks Mariusz Felisiak and Florian Apolloner for the reviews. | |||
| 2020-02-18 | Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵ | Claude Paroz | |
| classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2019-11-07 | Refs #29983 -- Added support for using pathlib.Path in all settings. | Jon Dufresne | |
| 2019-05-21 | Fixed #28763 -- Allowed overriding the session cookie age with ↵ | Hasan Ramezani | |
| SessionStore.get_session_cookie_age(). | |||
| 2019-03-21 | Fixed #29471 -- Added 'Vary: Cookie' to invalid/empty session cookie responses. | birthdaysgift | |
| 2019-01-28 | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | |
| Used more specific errors (e.g. FileExistsError) as appropriate. | |||
| 2018-11-27 | Made reused RequestFactory instances class attributes. | Simon Charette | |
| 2018-10-03 | Refs #27795 -- Removed force_bytes() usage in sessions. | Jon Dufresne | |
| SessionBase.decode() is the inverse operation to SessionBase.encode(). As SessionBase.encode() always returns a string, SessionBase.decode() should always be passed a string argument. Fixed the file backend, which was the only backend still passing a bytestring. | |||
| 2018-05-07 | Replaced django.test.utils.patch_logger() with assertLogs(). | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2018-04-13 | Fixed #27863 -- Added support for the SameSite cookie flag. | Alex Gaynor | |
| Thanks Alex Gaynor for contributing to the patch. | |||
| 2018-03-16 | Fixed hanging indentation in various code. | Mariusz Felisiak | |
| 2018-01-02 | Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231. | Alexey | |
| 2017-09-25 | Fixed #27857 -- Dropped support for Python 3.4. | Tim Graham | |
| 2017-06-01 | Sorted imports per isort 4.2.9. | Tim Graham | |
| 2017-05-03 | Converted sessions_tests to use assertIs() rather than assertTrue/False(). | Tim Graham | |
| 2017-05-03 | Fixed #28167 -- Fixed cache backend's SessionStore.exists() if session_key ↵ | Tim Graham | |
| is None. | |||
| 2017-04-18 | Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests. | Mariusz Felisiak | |
| Thanks Tim Graham for the review. | |||
| 2017-04-17 | Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data. | InvalidInterrupt | |
| 2017-01-25 | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | |
| 2017-01-24 | Removed unneeded force_text calls in the test suite | Claude Paroz | |
| 2017-01-19 | Refs #23919 -- Removed SessionBase.iterkeys(), itervalues(), iteritems(). | Srinivas Reddy Thatiparthy | |
| These methods only work on Python 2. | |||
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | |
| 2017-01-18 | Refs #23919 -- Removed most of remaining six usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | |
| 2016-11-01 | Fixed #27363 -- Replaced unsafe redirect in SessionMiddleware with ↵ | Andrew Nester | |
| SuspiciousOperation. | |||
| 2016-08-08 | Fixed #26764 -- Fixed Session.cycle_key() crash on unaccessed session. | Adam Zapletal | |
| 2016-06-28 | Replaced use of TestCase.fail() with assertRaises(). | Tim Graham | |
| Also removed try/except/fail antipattern that hides exceptions. | |||
| 2016-06-21 | Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using ↵ | Jon Dufresne | |
| SESSION_COOKIE_PATH. | |||
| 2016-06-16 | Fixed #26747 -- Used more specific assertions in the Django test suite. | Jon Dufresne | |
| 2016-04-20 | Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a ↵ | Tobias Kroenke | |
| KeyError. | |||
| 2016-04-20 | Refs #24621 -- Added a test for SessionBase.pop()'s 'default' argument. | Nicolas Noé | |
| 2016-04-08 | Fixed E128 flake8 warnings in tests/. | Tim Graham | |
| 2016-04-04 | Refs #21608 -- Fixed incorrect cache key in cache session backend's save(). | Jon Dufresne | |
| The bug was introduced commit 3389c5ea229884a1943873fe7e7ffc2800cefc22. | |||
| 2016-02-26 | Fixed #21608 -- Prevented logged out sessions being resurrected by ↵ | Tore Lundqvist | |
| concurrent requests. Thanks Simon Charette for the review. | |||
| 2016-02-26 | Cleaned up session backends tests. | Simon Charette | |
| Made SessionTestsMixin backend agnostic and removed code obsoleted by the test discovery refactor. | |||
| 2016-02-04 | Stopped registering the sessions tests models to the sessions app. | Simon Charette | |
| 2016-01-29 | Refs #26022 -- Used context manager version of assertRaises in tests. | Hasan | |
| 2015-10-20 | Fixed quad quoted ("""") docstring starts. | John Vandenberg | |
| 2015-10-03 | Fixed #22938 -- Allowed clearsessions to remove file-based sessions. | Aleksandra Tarkowska | |
| 2015-08-27 | Fixed #22634 -- Made the database-backed session backends more extensible. | Sergey Kolosov | |
| Introduced an AbstractBaseSession model and hooks providing the option of overriding the model class used by the session store and the session store class used by the model. | |||
| 2015-08-20 | Added a test to ensure empty sessions are saved. | Tim Graham | |
| 2015-08-18 | Fixed DoS possiblity in contrib.auth.views.logout() | Tim Graham | |
| Thanks Florian Apolloner and Carl Meyer for review. This is a security fix. | |||
| 2015-07-08 | Fixed #19324 -- Avoided creating a session record when loading the session. | Carl Meyer | |
| The session record is now only created if/when the session is modified. This prevents a potential DoS via creation of many empty session records. This is a security fix; disclosure to follow shortly. | |||
| 2015-06-06 | Fixed #24915 -- Added stricter session key validation | David Bannon | |
| Changed _session_key attribute to a property and implemented basic validation in the setter. The session key must be 'truthy' and at least 8 characters long. Otherwise, the value is set to None. | |||
