authorAdrian Holovaty <adrian@holovaty.com>2005-08-16 22:54:05 +0000
committerAdrian Holovaty <adrian@holovaty.com>2005-08-16 22:54:05 +0000
commit07889c13a63eeb3e8a73f1e02a21227def3ae548 (patch)
tree04a76ba333ae0308450710f4d8e7e251948437ad /django/middleware
parentf21ff30b104ef1eedcfebd230a98fef4b6cc7ebd (diff)
Fixed #1 -- Added anonymous session support via middleware and request.session. Removed the former request.session, which wasn't being used anyway. Removed auth.Session model. See the BackwardsIncompatibleChanges wiki page for IMPORTANT notes on code you'll have to change and a DB table you'll have to create.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@518 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/middleware')
-rw-r--r--django/middleware/admin.py13
-rw-r--r--django/middleware/sessions.py69
2 files changed, 76 insertions, 6 deletions
diff --git a/django/middleware/admin.py b/django/middleware/admin.py
index a977bacdbf..42d83b5be7 100644
--- a/django/middleware/admin.py
+++ b/django/middleware/admin.py
@@ -1,7 +1,7 @@
from django.utils import httpwrappers
from django.core import template_loader
from django.core.extensions import DjangoContext as Context
-from django.models.auth import sessions, users
+from django.models.auth import users
from django.views.registration import passwords
from django.views.auth.login import logout
import base64, md5
@@ -29,14 +29,17 @@ class AdminUserRequired:
# Otherwise the password reset would need its own entry in the httpd
# conf, which is a little uglier than this. Same goes for the logout
# view.
+
if view_func in (passwords.password_reset, passwords.password_reset_done, logout):
return
+ assert hasattr(request, 'session'), "The admin requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.middleware.sessions.SessionMiddleware' before %r." % self.__class__.__name__
+
# Check for a logged in, valid user
if self.user_is_valid(request.user):
return
- # If this isn't alreay the login page, display it
+ # If this isn't already the login page, display it
if not request.POST.has_key('this_is_the_login_form'):
if request.POST:
message = "Please log in again, because your session has expired. "\
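Review bot: The new `assert hasattr(request, 'session'), ...` is a deployment-configuration check, but `assert` statements are compiled out under `python -O`, so the helpful message disappears there and the later `request.session[...]` write in the login branch would fail with a bare AttributeError instead. An explicit test keeps the check in every mode, e.g. `if not hasattr(request, 'session'): raise AssertionError(...)` with the same message. The enclosing method starts before this hunk and continues past it.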
@@ -64,18 +67,16 @@ class AdminUserRequired:
# The user data is correct; log in the user in and continue
else:
if self.authenticate_user(user, request.POST.get('password', '')):
+ request.session[users.SESSION_KEY] = user.id
if request.POST.has_key('post_data'):
post_data = decode_post_data(request.POST['post_data'])
if post_data and not post_data.has_key('this_is_the_login_form'):
# overwrite request.POST with the saved post_data, and continue
request.POST = post_data
request.user = user
- request.session = sessions.create_session(user.id)
return
else:
- response = httpwrappers.HttpResponseRedirect(request.path)
- sessions.start_web_session(user.id, request, response)
- return response
+ return httpwrappers.HttpResponseRedirect(request.path)
else:
return self.display_login_form(request, ERROR_MESSAGE)
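Review bot: The added `request.session[users.SESSION_KEY] = user.id` writes the authenticated user id into whatever session the request arrived with, and `process_response` in `django/middleware/sessions.py` keeps `request.session.session_key` whenever one is present, so a key issued or planted before login stays valid after login (session fixation). Rotating the key at this point closes that: going by the middleware in this commit, following the assignment with `request.session.session_key = None` would make `process_response` save the already-loaded data under a freshly generated key. The row stored under the old key would still need deleting or expiring, which nothing visible here does. The enclosing method begins outside the hunk.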
diff --git a/django/middleware/sessions.py b/django/middleware/sessions.py
new file mode 100644
index 0000000000..41cf3daf02
--- /dev/null
+++ b/django/middleware/sessions.py
@@ -0,0 +1,69 @@
+from django.conf.settings import SESSION_COOKIE_NAME, SESSION_COOKIE_AGE, SESSION_COOKIE_DOMAIN
+from django.models.core import sessions
+import datetime
+
+TEST_COOKIE_NAME = 'testcookie'
+TEST_COOKIE_VALUE = 'worked'
+
+class SessionWrapper(object):
+ def __init__(self, session_key):
+ self.session_key = session_key
+ self.modified = False
+
+ def __getitem__(self, key):
+ return self._session[key]
+
+ def __setitem__(self, key, value):
+ self._session[key] = value
+ self.modified = True
+
+ def __delitem__(self, key):
+ del self._session[key]
+ self.modified = True
+
+ def get(self, key, default=None):
+ return self._session.get(key, default)
+
+ def set_test_cookie(self):
+ self[TEST_COOKIE_NAME] = TEST_COOKIE_VALUE
+
+ def test_cookie_worked(self):
+ return self.get(TEST_COOKIE_NAME) == TEST_COOKIE_VALUE
+
+ def _get_session(self):
+ # Lazily loads session from storage.
+ try:
+ return self._session_cache
+ except AttributeError:
+ if self.session_key is None:
+ self._session_cache = {}
+ else:
+ try:
+ s = sessions.get_object(session_key__exact=self.session_key,
+ expire_date__gt=datetime.datetime.now())
+ self._session_cache = s.get_decoded()
+ except sessions.SessionDoesNotExist:
+ self._session_cache = {}
+ return self._session_cache
+
+ _session = property(_get_session)
+
+class SessionMiddleware:
+ def process_view(self, request, view_func, param_dict):
+ request.session = SessionWrapper(request.COOKIES.get(SESSION_COOKIE_NAME, None))
+
+ def process_response(self, request, response):
+ # If request.session was modified, or if response.session was set, save
+ # those changes and set a session cookie.
+ try:
+ modified = request.session.modified
+ except AttributeError:
+ modified = False
+ if modified:
+ session_key = request.session.session_key or sessions.get_new_session_key()
+ new_session = sessions.save(session_key, request.session._session,
+ datetime.datetime.now() + datetime.timedelta(seconds=SESSION_COOKIE_AGE))
+ # TODO: Accept variable session length and domain.
+ response.set_cookie(SESSION_COOKIE_NAME, session_key,
+ max_age=SESSION_COOKIE_AGE, domain=SESSION_COOKIE_DOMAIN)
+ return response
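Review bot: In `SessionWrapper._get_session`, a cookie value with no matching unexpired row lands in the `except sessions.SessionDoesNotExist` branch and yields an empty dict, but `self.session_key` keeps the client-supplied value, so `process_response` later saves and re-issues the session under a key the client chose rather than one from `sessions.get_new_session_key()`. Resetting the key in that branch, `self.session_key = None` just before `self._session_cache = {}`, makes the middleware mint a fresh key for unknown or expired cookies. Separately, the comment in `process_response` mentions `response.session`, which the code never reads, and `new_session` is assigned but not used.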