| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2016-04-20 | Fixed #26520 -- Fixed a regression where SessionBase.pop() didn't return a ↵ | Tobias Kroenke | |
| KeyError. | |||
| 2016-04-20 | Refs #24621 -- Added a test for SessionBase.pop()'s 'default' argument. | Nicolas Noé | |
| 2016-04-08 | Fixed E128 flake8 warnings in tests/. | Tim Graham | |
| 2016-04-04 | Refs #21608 -- Fixed incorrect cache key in cache session backend's save(). | Jon Dufresne | |
| The bug was introduced commit 3389c5ea229884a1943873fe7e7ffc2800cefc22. | |||
| 2016-02-26 | Fixed #21608 -- Prevented logged out sessions being resurrected by ↵ | Tore Lundqvist | |
| concurrent requests. Thanks Simon Charette for the review. | |||
| 2016-02-26 | Cleaned up session backends tests. | Simon Charette | |
| Made SessionTestsMixin backend agnostic and removed code obsoleted by the test discovery refactor. | |||
| 2016-02-04 | Stopped registering the sessions tests models to the sessions app. | Simon Charette | |
| 2016-01-29 | Refs #26022 -- Used context manager version of assertRaises in tests. | Hasan | |
| 2015-10-20 | Fixed quad quoted ("""") docstring starts. | John Vandenberg | |
| 2015-10-03 | Fixed #22938 -- Allowed clearsessions to remove file-based sessions. | Aleksandra Tarkowska | |
| 2015-08-27 | Fixed #22634 -- Made the database-backed session backends more extensible. | Sergey Kolosov | |
| Introduced an AbstractBaseSession model and hooks providing the option of overriding the model class used by the session store and the session store class used by the model. | |||
| 2015-08-20 | Added a test to ensure empty sessions are saved. | Tim Graham | |
| 2015-08-18 | Fixed DoS possiblity in contrib.auth.views.logout() | Tim Graham | |
| Thanks Florian Apolloner and Carl Meyer for review. This is a security fix. | |||
| 2015-07-08 | Fixed #19324 -- Avoided creating a session record when loading the session. | Carl Meyer | |
| The session record is now only created if/when the session is modified. This prevents a potential DoS via creation of many empty session records. This is a security fix; disclosure to follow shortly. | |||
| 2015-06-06 | Fixed #24915 -- Added stricter session key validation | David Bannon | |
| Changed _session_key attribute to a property and implemented basic validation in the setter. The session key must be 'truthy' and at least 8 characters long. Otherwise, the value is set to None. | |||
| 2015-05-20 | Fixed incorrect session.flush() in cached_db session backend. | Tim Graham | |
| This is a security fix; disclosure to follow shortly. Thanks Sam Cooke for the report and draft patch. | |||
| 2015-05-15 | Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN | Bo Lopker | |
| 2015-03-31 | Fixed sessions test on Python 3.5; refs #23763. | Tim Graham | |
| SimpleCookie.__repr__() changed in https://hg.python.org/cpython/rev/88e1151e8e02 | |||
| 2015-03-12 | Fixed #24468 -- Made signed cookies cache backend resilient to unpickling ↵ | Tim Graham | |
| exceptions. | |||
| 2015-02-11 | Moved contrib.sessions tests out of contrib. | Tim Graham | |
