Fixed #14685 - incompatible code in contrib.sessions.models (0324151b) · Commits · Dom Sekotill / django

django/contrib/sessions/models.py

+4 −17

Original line number	Diff line number	Diff line
		@@ -3,18 +3,13 @@ import cPickle as pickle

		from django.db import models
		from django.utils.translation import ugettext_lazy as _
		from django.conf import settings
		from django.utils.hashcompat import md5_constructor


		class SessionManager(models.Manager):
		def encode(self, session_dict):
		"""
		Returns the given session dictionary pickled and encoded as a string.
		"""
		pickled = pickle.dumps(session_dict)
		pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
		return base64.encodestring(pickled + pickled_md5)
		return SessionStore().encode(session_dict)

		def save(self, session_key, session_dict, expire_date):
		s = self.model(session_key, self.encode(session_dict), expire_date)
		@@ -54,14 +49,6 @@ class Session(models.Model):
		verbose_name_plural = _('sessions')

		def get_decoded(self):
		encoded_data = base64.decodestring(self.session_data)
		pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
		if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
		from django.core.exceptions import SuspiciousOperation
		raise SuspiciousOperation("User tampered with session cookie.")
		try:
		return pickle.loads(pickled)
		# Unpickling can cause a variety of exceptions. If something happens,
		# just return an empty dictionary (an empty session).
		except:
		return {}
		return SessionStore().decode(self.session_data)

		from django.contrib.sessions.backends.db import SessionStore

+27 −0

Original line number	Diff line number	Diff line
		@@ -263,6 +263,33 @@ class DatabaseSessionTests(SessionTestsMixin, TestCase):

		backend = DatabaseSession

		def test_session_get_decoded(self):
		"""
		Test we can use Session.get_decoded to retrieve data stored
		in normal way
		"""
		self.session['x'] = 1
		self.session.save()

		s = Session.objects.get(session_key=self.session.session_key)

		self.assertEqual(s.get_decoded(), {'x': 1})

		def test_sessionmanager_save(self):
		"""
		Test SessionManager.save method
		"""
		# Create a session
		self.session['y'] = 1
		self.session.save()

		s = Session.objects.get(session_key=self.session.session_key)
		# Change it
		Session.objects.save(s.session_key, {'y':2}, s.expire_date)
		# Clear cache, so that it will be retrieved from DB
		del self.session._session_cache
		self.assertEqual(self.session['y'], 2)


		class CacheDBSessionTests(SessionTestsMixin, TestCase):