12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 |
- from django.conf import settings
- from django.contrib.sessions.backends.base import SessionBase
- from django.core import signing
-
-
- class SessionStore(SessionBase):
-
- def load(self):
- """
- Load the data from the key itself instead of fetching from some
- external data store. Opposite of _get_session_key(), raise BadSignature
- if signature fails.
- """
- try:
- return signing.loads(
- self.session_key,
- serializer=self.serializer,
- # This doesn't handle non-default expiry dates, see #19201
- max_age=settings.SESSION_COOKIE_AGE,
- salt='django.contrib.sessions.backends.signed_cookies',
- )
- except Exception:
- # BadSignature, ValueError, or unpickling exceptions. If any of
- # these happen, reset the session.
- self.create()
- return {}
-
- def create(self):
- """
- To create a new key, set the modified flag so that the cookie is set
- on the client for the current request.
- """
- self.modified = True
-
- def save(self, must_create=False):
- """
- To save, get the session key as a securely signed string and then set
- the modified flag so that the cookie is set on the client for the
- current request.
- """
- self._session_key = self._get_session_key()
- self.modified = True
-
- def exists(self, session_key=None):
- """
- This method makes sense when you're talking to a shared resource, but
- it doesn't matter when you're storing the information in the client's
- cookie.
- """
- return False
-
- def delete(self, session_key=None):
- """
- To delete, clear the session key and the underlying data structure
- and set the modified flag so that the cookie is set on the client for
- the current request.
- """
- self._session_key = ''
- self._session_cache = {}
- self.modified = True
-
- def cycle_key(self):
- """
- Keep the same data but with a new key. Call save() and it will
- automatically save a cookie with a new key at the end of the request.
- """
- self.save()
-
- def _get_session_key(self):
- """
- Instead of generating a random string, generate a secure url-safe
- base64-encoded string of data as our session key.
- """
- return signing.dumps(
- self._session, compress=True,
- salt='django.contrib.sessions.backends.signed_cookies',
- serializer=self.serializer,
- )
-
- @classmethod
- def clear_expired(cls):
- pass
|