Commit 2dee853e authored by Bo Lopker's avatar Bo Lopker Committed by Tim Graham

Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN

parent ae635cc3
+2 −1
@@ -31,7 +31,8 @@ class SessionMiddleware(object):
            # First check if we need to delete this cookie.
            # The session should be deleted only if the session is entirely empty
            if settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
                response.delete_cookie(settings.SESSION_COOKIE_NAME)
                response.delete_cookie(settings.SESSION_COOKIE_NAME,
                    domain=settings.SESSION_COOKIE_DOMAIN)
            else:
                if accessed:
                    patch_vary_headers(response, ('Cookie',))
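Review bot: The new `delete_cookie` call passes `domain=` but still no `path=`, so the expiring Set-Cookie header always carries the default `Path=/` (the test added in this commit pins exactly that). If the session cookie is issued with `settings.SESSION_COOKIE_PATH` (the code that sets it is outside this hunk, so this is inferred), a deployment with a non-default path has the same problem this commit fixes for the domain. The browser would keep the old session cookie after the session is flushed, which matters most for cookie-backed sessions where the cookie itself carries the session data. I would pass both attributes, `response.delete_cookie(settings.SESSION_COOKIE_NAME, path=settings.SESSION_COOKIE_PATH, domain=settings.SESSION_COOKIE_DOMAIN)`, and cover it with a matching test. The enclosing method of `SessionMiddleware` begins and ends outside the hunk.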
+3 −0
@@ -30,3 +30,6 @@ Bugfixes

* Fixed a MySQL crash when a migration removes a combined index (unique_together
  or index_together) containing a foreign key (:ticket:`24757`).

* Fixed session cookie deletion when using :setting:`SESSION_COOKIE_DOMAIN`
  (:ticket:`24799`).
+29 −0
@@ -613,6 +613,35 @@ class SessionMiddlewareTests(TestCase):
            str(response.cookies[settings.SESSION_COOKIE_NAME])
        )

    @override_settings(SESSION_COOKIE_DOMAIN='.example.local')
    def test_session_delete_on_end_with_custom_domain(self):
        request = RequestFactory().get('/')
        response = HttpResponse('Session test')
        middleware = SessionMiddleware()

        # Before deleting, there has to be an existing cookie
        request.COOKIES[settings.SESSION_COOKIE_NAME] = 'abc'

        # Simulate a request that ends the session
        middleware.process_request(request)
        request.session.flush()

        # Handle the response through the middleware
        response = middleware.process_response(request, response)

        # Check that the cookie was deleted, not recreated.
        # A deleted cookie header with a custom domain looks like:
        #  Set-Cookie: sessionid=; Domain=.example.local;
        #              expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
        self.assertEqual(
            'Set-Cookie: {}={}; Domain=.example.local; expires=Thu, '
            '01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/'.format(
                settings.SESSION_COOKIE_NAME,
                '""' if sys.version_info >= (3, 5) else '',
            ),
            str(response.cookies[settings.SESSION_COOKIE_NAME])
        )


# Don't need DB flushing for these tests, so can use unittest.TestCase as base class
class CookieSessionTests(SessionTestsMixin, unittest.TestCase):
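Review bot: The assertion in `test_session_delete_on_end_with_custom_domain` compares the whole serialized header, so it depends on attribute ordering and on the `sys.version_info >= (3, 5)` quoting branch rather than on the property under test. Checking the morsel fields directly would be less brittle: `cookie = response.cookies[settings.SESSION_COOKIE_NAME]`, then `self.assertEqual(cookie['domain'], '.example.local')` and `self.assertEqual(cookie['max-age'], 0)`. The test also exercises only the default path; a variant that overrides `SESSION_COOKIE_PATH` would document what the deletion header is expected to carry in that configuration. `SessionMiddlewareTests` starts outside the hunk.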