django.contrib.sessions.middleware
import time | |
from importlib import import_module | |
from django.conf import settings | |
from django.contrib.sessions.backends.base import UpdateError | |
from django.core.exceptions import SuspiciousOperation | |
from django.utils.cache import patch_vary_headers | |
from django.utils.deprecation import MiddlewareMixin | |
from django.utils.http import http_date | |
class SessionMiddleware(MiddlewareMixin):
    """Bind a session store to each request and maintain the session cookie.

    On the way in, the session cookie value selects the session. On the way
    out, a changed session is persisted and the cookie is refreshed, or the
    cookie is deleted when the session has become empty.
    """

    def __init__(self, get_response=None):
        """Remember ``get_response`` and resolve the configured store class.

        The backend module is named by ``settings.SESSION_ENGINE`` and must
        expose a ``SessionStore`` attribute.
        """
        self.get_response = get_response
        self.SessionStore = import_module(settings.SESSION_ENGINE).SessionStore

    def process_request(self, request):
        """Attach ``request.session`` built from the session cookie.

        The cookie value is client-supplied and is handed to the store
        unchanged (``None`` when the cookie is absent). Nothing here
        validates it.
        """
        # NOTE(review): validating/looking up the key is presumably done by
        # the configured SessionStore -- confirm for custom backends.
        request.session = self.SessionStore(
            request.COOKIES.get(settings.SESSION_COOKIE_NAME)
        )

    def process_response(self, request, response):
        """Persist the session and set or delete the session cookie.

        The session is saved when it was modified, or when
        ``settings.SESSION_SAVE_EVERY_REQUEST`` is set, provided it is not
        empty. An empty session whose cookie was sent by the client gets its
        cookie deleted instead. ``response`` is always returned.

        Raises:
            SuspiciousOperation: if saving fails with ``UpdateError``, i.e.
                the session disappeared while the request was in flight.
        """
        try:
            session = request.session
            was_accessed = session.accessed
            was_modified = session.modified
            session_is_empty = session.is_empty()
        except AttributeError:
            # No usable session on this request (presumably process_request
            # did not run for it); leave the response untouched.
            return response

        cookie_name = settings.SESSION_COOKIE_NAME

        # Deletion comes first: only an entirely empty session drops the
        # cookie, and only if the client actually sent one.
        if cookie_name in request.COOKIES and session_is_empty:
            response.delete_cookie(
                cookie_name,
                path=settings.SESSION_COOKIE_PATH,
                domain=settings.SESSION_COOKIE_DOMAIN,
            )
            # The response depends on the cookie, so tell caches to vary on it.
            patch_vary_headers(response, ('Cookie',))
            return response

        if was_accessed:
            # Session data influenced this response; caches must key on the
            # Cookie header rather than reuse it across clients.
            patch_vary_headers(response, ('Cookie',))

        needs_save = (
            was_modified or settings.SESSION_SAVE_EVERY_REQUEST
        ) and not session_is_empty
        if not needs_save:
            return response

        if session.get_expire_at_browser_close():
            # Browser-session cookie: no max-age and no expires attribute.
            max_age = expires = None
        else:
            max_age = session.get_expiry_age()
            expires = http_date(time.time() + max_age)

        # Save the session data and refresh the client cookie.
        # Skip session save for 500 responses, refs #3881.
        # Only status 500 exactly is skipped; other 5xx codes still save.
        if response.status_code == 500:
            return response

        try:
            session.save()
        except UpdateError:
            raise SuspiciousOperation(
                "The request's session was deleted before the "
                "request completed. The user may have logged "
                "out in a concurrent request, for example."
            )

        # A falsy SECURE/HTTPONLY setting is passed as None rather than
        # False; SAMESITE is forwarded exactly as configured. Whether the
        # cookie carries these protections is therefore decided entirely
        # by settings.
        response.set_cookie(
            cookie_name,
            session.session_key,
            max_age=max_age,
            expires=expires,
            domain=settings.SESSION_COOKIE_DOMAIN,
            path=settings.SESSION_COOKIE_PATH,
            secure=settings.SESSION_COOKIE_SECURE or None,
            httponly=settings.SESSION_COOKIE_HTTPONLY or None,
            samesite=settings.SESSION_COOKIE_SAMESITE,
        )
        return response