| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-05-05 | Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting session ↵ | Jake Howard | |
| cookie with SESSION_SAVE_EVERY_REQUEST=True. Thank you Jacob Walls and Natalia Bidart for reviews. | |||
| 2026-02-21 | Fixed #36899 -- Implemented SessionBase.__bool__. | Amar | |
| 2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot | |
| Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. | |||
| 2024-03-13 | Fixed #34901 -- Added async-compatible interface to session engines. | Jon Janzen | |
| Thanks Andrew-Chen-Wang for the initial implementation which was posted to the Django forum thread about asyncifying contrib modules. | |||
| 2024-02-21 | Fixed #34806 -- Made cached_db session backend resilient to cache write errors. | Sulabh Katila | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2023-12-31 | Used addCleanup() in tests where appropriate. | Mariusz Felisiak | |
| 2023-12-13 | Improved test coverage for django.contrib.sessions.backends.base.SessionBase. | Mariusz Felisiak | |
| 2023-02-01 | Refs #33476 -- Applied Black's 2023 stable style. | David Smith | |
| Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0 | |||
| 2022-11-24 | Fixed #34173 -- Skipped saving sessions on 5xx responses. | SirAbhi13 | |
| 2022-05-02 | Removed 'tests' path prefix in a couple tests. | Tim Graham | |
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-01-13 | Fixed #29708 -- Deprecated PickleSerializer. | Adam Johnson | |
| 2022-01-13 | Refs #29708 -- Made SessionBase store expiry as string. | Adam Johnson | |
| 2021-01-14 | Refs #31274 -- Removed support for the pre-Django 3.1 encoding format of ↵ | Mariusz Felisiak | |
| sessions. Per deprecation timeline. | |||
| 2020-12-28 | Fixed #32301 -- Made clearsessions raise CommandError when clear_expired() ↵ | François Freitag | |
| is not implemented. | |||
| 2020-09-14 | Fixed #31789 -- Added a new headers interface to HttpResponse. | Tom Carrick | |
| 2020-09-09 | Fixed #31962 -- Made SessionMiddleware raise SessionInterrupted when session ↵ | Hasan Ramezani | |
| destroyed while request is processing. | |||
| 2020-08-19 | Fixed #31895 -- Fixed crash when decoding invalid session data. | Mariusz Felisiak | |
| Thanks Matt Hegarty for the report. Regression in d4fff711d4c97356bd6ba1273d2a5e349326eb5f. | |||
| 2020-08-07 | Fixed #31864 -- Fixed encoding session data during transition to Django 3.1. | Mariusz Felisiak | |
| Thanks אורי for the report. | |||
| 2020-07-16 | Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in ↵ | Mariusz Felisiak | |
| HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. | |||
| 2020-03-02 | Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode(). | Claude Paroz | |
| Thanks Mariusz Felisiak and Florian Apolloner for the reviews. | |||
| 2020-02-18 | Refs #26601 -- Deprecated passing None as get_response arg to middleware ↵ | Claude Paroz | |
| classes. This is the new contract since middleware refactoring in Django 1.10. Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2019-11-07 | Refs #29983 -- Added support for using pathlib.Path in all settings. | Jon Dufresne | |
| 2019-05-21 | Fixed #28763 -- Allowed overriding the session cookie age with ↵ | Hasan Ramezani | |
| SessionStore.get_session_cookie_age(). | |||
| 2019-03-21 | Fixed #29471 -- Added 'Vary: Cookie' to invalid/empty session cookie responses. | birthdaysgift | |
| 2019-01-28 | Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | |
| Used more specific errors (e.g. FileExistsError) as appropriate. | |||
| 2018-11-27 | Made reused RequestFactory instances class attributes. | Simon Charette | |
| 2018-10-03 | Refs #27795 -- Removed force_bytes() usage in sessions. | Jon Dufresne | |
| SessionBase.decode() is the inverse operation to SessionBase.encode(). As SessionBase.encode() always returns a string, SessionBase.decode() should always be passed a string argument. Fixed the file backend, which was the only backend still passing a bytestring. | |||
| 2018-05-07 | Replaced django.test.utils.patch_logger() with assertLogs(). | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2018-04-13 | Fixed #27863 -- Added support for the SameSite cookie flag. | Alex Gaynor | |
| Thanks Alex Gaynor for contributing to the patch. | |||
| 2018-03-16 | Fixed hanging indentation in various code. | Mariusz Felisiak | |
| 2018-01-02 | Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231. | Alexey | |
| 2017-09-25 | Fixed #27857 -- Dropped support for Python 3.4. | Tim Graham | |
| 2017-06-01 | Sorted imports per isort 4.2.9. | Tim Graham | |
| 2017-05-03 | Converted sessions_tests to use assertIs() rather than assertTrue/False(). | Tim Graham | |
| 2017-05-03 | Fixed #28167 -- Fixed cache backend's SessionStore.exists() if session_key ↵ | Tim Graham | |
| is None. | |||
| 2017-04-18 | Refs #28066 -- Fixed nondeterministic ordering test failure in sessions_tests. | Mariusz Felisiak | |
| Thanks Tim Graham for the review. | |||
| 2017-04-17 | Fixed #28066 -- Prevented SessionBase.cycle_key() from discarding data. | InvalidInterrupt | |
| 2017-01-25 | Refs #23919 -- Replaced super(ClassName, self) with super(). | chillaranand | |
| 2017-01-24 | Removed unneeded force_text calls in the test suite | Claude Paroz | |
| 2017-01-19 | Refs #23919 -- Removed SessionBase.iterkeys(), itervalues(), iteritems(). | Srinivas Reddy Thatiparthy | |
| These methods only work on Python 2. | |||
| 2017-01-19 | Refs #23919 -- Stopped inheriting from object to define new style classes. | Simon Charette | |
| 2017-01-18 | Refs #23919 -- Removed most of remaining six usage | Claude Paroz | |
| Thanks Tim Graham for the review. | |||
| 2016-11-10 | Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. | za | |
| 2016-11-01 | Fixed #27363 -- Replaced unsafe redirect in SessionMiddleware with ↵ | Andrew Nester | |
| SuspiciousOperation. | |||
| 2016-08-08 | Fixed #26764 -- Fixed Session.cycle_key() crash on unaccessed session. | Adam Zapletal | |
| 2016-06-28 | Replaced use of TestCase.fail() with assertRaises(). | Tim Graham | |
| Also removed try/except/fail antipattern that hides exceptions. | |||
| 2016-06-21 | Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using ↵ | Jon Dufresne | |
| SESSION_COOKIE_PATH. | |||
