Ticket #710: sessregen.patch
-
_cptools.py
old new 241 241 242 242 hooks.attach('before_finalize', _sessions.save) 243 243 hooks.attach('on_end_request', _sessions.close) 244 245 def regenerate(self): 246 """Drop the current session and make a new one (with a new id).""" 247 sess = cherrypy._serving.session 248 sess.regenerate() 249 250 # Grab cookie-relevant tool args 251 conf = dict([(k, v) for k, v in self._merged_args().iteritems() 252 if k in ('path', 'path_header', 'name', 'timeout', 253 'domain', 'secure')]) 254 _sessions.set_response_cookie(**conf) 244 255 245 256 257 258 246 259 class XMLRPCController(object): 247 260 """A Controller (page handler collection) for XML-RPC. 248 261 -
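Review bot: The key tuple in `regenerate()` (`'path', 'path_header', 'name', 'timeout', 'domain', 'secure'`) restates by hand the parameter list of `_sessions.set_response_cookie`. If that signature later gains a cookie attribute, the regenerated cookie would silently be issued without it, while the cookie set at session init keeps it. Deriving the filter from one shared constant in `lib/sessions.py` would keep the two in step. The docstring should also say when to call this, e.g. `"""Drop the current session id and issue a new one; call this when the user's privilege level changes (such as at login) so an id known before authentication is not carried over."""`. The class enclosing this method starts outside the hunk.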
lib/sessions.py
old new 58 58 for k, v in kwargs.iteritems(): 59 59 setattr(self, k, v) 60 60 61 self.id = id 61 if id is None: 62 self.regenerate() 63 else: 64 self.id = id 65 66 def regenerate(self): 67 """Replace the current session (with a new id).""" 68 if self.id is not None: 69 self.delete() 70 71 old_session_was_locked = self.locked 72 if old_session_was_locked: 73 self.release_lock() 74 75 self.id = None 62 76 while self.id is None: 63 77 self.id = self.generate_id() 64 78 # Assert that the generated id is not already stored. 65 79 if self._load() is not None: 66 80 self.id = None 81 82 if old_session_was_locked: 83 self.acquire_lock() 67 84 68 85 def clean_up(self): 69 86 """Clean up expired sessions.""" … … 441 458 path_header: if 'path' is None (the default), then the response 442 459 cookie 'path' will be pulled from request.headers[path_header]. 443 460 name: the name of the cookie. 444 timeout: the expiration timeout for the cookie. 461 timeout: the expiration timeout (in minutes) for both the cookie and 462 stored session data. 445 463 domain: the cookie domain. 446 464 secure: if False (the default) the cookie 'secure' value will not 447 465 be set. If True, the cookie 'secure' value will be set (to 1). … … 478 496 if hasattr(sess, "setup"): 479 497 sess.setup() 480 498 499 set_response_cookie(path=path, path_header=path_header, name=name, 500 timeout=timeout, domain=domain, secure=secure) 501 502 503 def set_response_cookie(path=None, path_header=None, name='session_id', 504 timeout=60, domain=None, secure=False): 505 """Set a response cookie for the client. 506 507 path: the 'path' value to stick in the response cookie metadata. 508 path_header: if 'path' is None (the default), then the response 509 cookie 'path' will be pulled from request.headers[path_header]. 510 name: the name of the cookie. 511 timeout: the expiration timeout for the cookie. 512 domain: the cookie domain. 513 secure: if False (the default) the cookie 'secure' value will not 514 be set. 
If True, the cookie 'secure' value will be set (to 1). 515 """ 481 516 # Set response cookie 482 517 cookie = cherrypy.response.cookie 483 cookie[name] = sess.id 484 cookie[name]['path'] = path or request.headers.get(path_header) or '/' 518 cookie[name] = cherrypy._serving.session.id 519 cookie[name]['path'] = (path or cherrypy.request.headers.get(path_header) 520 or '/') 485 521 486 522 # We'd like to use the "max-age" param as indicated in 487 523 # http://www.faqs.org/rfcs/rfc2109.html but IE doesn't -
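Review bot: `regenerate()` reads `self.id` and `self.locked` before this constructor has assigned either, because `__init__` now calls it in the `id is None` branch instead of first doing `self.id = id`. Unless the class defines defaults for both outside the hunk, creating a session for a client without a cookie would fail with AttributeError. Keeping the assignment unconditional avoids depending on that: `self.id = id` followed by `if id is None: self.regenerate()`. The docstring of `regenerate()` should also state whether the in-memory session data is carried over to the new id and what `self.delete()` does to the old id's stored data, since callers using this at login rely on the old id becoming useless. The constructor starts outside the hunk.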
test/test_session.py
old new 67 67 def iredir(self): 68 68 raise cherrypy.InternalRedirect('/blah') 69 69 iredir.exposed = True 70 71 def regen(self): 72 cherrypy.tools.sessions.regenerate() 73 return "logged in" 74 regen.exposed = True 70 75 71 76 cherrypy.tree.mount(Root()) 72 77 cherrypy.config.update({'environment': 'test_suite'}) … … 174 179 path = os.path.join(localDir, "session-" + id) 175 180 os.unlink(path) 176 181 self.getPage('/testStr', self.cookies) 182 183 def test_5_regenerate(self): 184 self.getPage('/testStr') 185 # grab the cookie ID 186 id1 = self.cookies[0][1].split(";", 1)[0].split("=", 1)[1] 187 self.getPage('/regen') 188 self.assertBody('logged in') 189 id2 = self.cookies[0][1].split(";", 1)[0].split("=", 1)[1] 190 self.assertNotEqual(id1, id2) 177 191 178 192 179 193
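Review bot: `test_5_regenerate` only asserts that the cookie value changed, which does not show that the old id stopped working. A regenerate that issued a new cookie but left the old session's stored data loadable would still pass. Adding a request that presents `id1` again after `/regen` and asserts it no longer sees the earlier session's data would pin down the property the feature exists for. Both id extractions also assume the session cookie is `self.cookies[0]`, so a small helper that finds the cookie by name would make that assumption explicit. The test class starts outside the hunk.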

