Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

middleware.py 3.4KB

1 year ago
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
  1. import time
  2. from importlib import import_module
  3. from django.conf import settings
  4. from django.contrib.sessions.backends.base import UpdateError
  5. from django.contrib.sessions.exceptions import SessionInterrupted
  6. from django.utils.cache import patch_vary_headers
  7. from django.utils.deprecation import MiddlewareMixin
  8. from django.utils.http import http_date
  9. class SessionMiddleware(MiddlewareMixin):
  10. def __init__(self, get_response):
  11. super().__init__(get_response)
  12. engine = import_module(settings.SESSION_ENGINE)
  13. self.SessionStore = engine.SessionStore
  14. def process_request(self, request):
  15. session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME)
  16. request.session = self.SessionStore(session_key)
  17. def process_response(self, request, response):
  18. """
  19. If request.session was modified, or if the configuration is to save the
  20. session every time, save the changes and set a session cookie or delete
  21. the session cookie if the session has been emptied.
  22. """
  23. try:
  24. accessed = request.session.accessed
  25. modified = request.session.modified
  26. empty = request.session.is_empty()
  27. except AttributeError:
  28. return response
  29. # First check if we need to delete this cookie.
  30. # The session should be deleted only if the session is entirely empty.
  31. if settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
  32. response.delete_cookie(
  33. settings.SESSION_COOKIE_NAME,
  34. path=settings.SESSION_COOKIE_PATH,
  35. domain=settings.SESSION_COOKIE_DOMAIN,
  36. samesite=settings.SESSION_COOKIE_SAMESITE,
  37. )
  38. patch_vary_headers(response, ("Cookie",))
  39. else:
  40. if accessed:
  41. patch_vary_headers(response, ("Cookie",))
  42. if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty:
  43. if request.session.get_expire_at_browser_close():
  44. max_age = None
  45. expires = None
  46. else:
  47. max_age = request.session.get_expiry_age()
  48. expires_time = time.time() + max_age
  49. expires = http_date(expires_time)
  50. # Save the session data and refresh the client cookie.
  51. # Skip session save for 500 responses, refs #3881.
  52. if response.status_code != 500:
  53. try:
  54. request.session.save()
  55. except UpdateError:
  56. raise SessionInterrupted(
  57. "The request's session was deleted before the "
  58. "request completed. The user may have logged "
  59. "out in a concurrent request, for example."
  60. )
  61. response.set_cookie(
  62. settings.SESSION_COOKIE_NAME,
  63. request.session.session_key,
  64. max_age=max_age,
  65. expires=expires,
  66. domain=settings.SESSION_COOKIE_DOMAIN,
  67. path=settings.SESSION_COOKIE_PATH,
  68. secure=settings.SESSION_COOKIE_SECURE or None,
  69. httponly=settings.SESSION_COOKIE_HTTPONLY or None,
  70. samesite=settings.SESSION_COOKIE_SAMESITE,
  71. )
  72. return response