blinkster: web/lib/django/contrib/sessions/models.py@0d40e90630ef (annotated)

0 0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	1	import base64
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	2	import cPickle as pickle
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	3
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	4	from django.db import models
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	5	from django.utils.translation import ugettext_lazy as _
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	6	from django.conf import settings
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	7	from django.utils.hashcompat import md5_constructor
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	8
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	9
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	10	class SessionManager(models.Manager):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	11	def encode(self, session_dict):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	12	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	13	Returns the given session dictionary pickled and encoded as a string.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	14	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	15	pickled = pickle.dumps(session_dict)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	16	pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	17	return base64.encodestring(pickled + pickled_md5)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	18
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	19	def save(self, session_key, session_dict, expire_date):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	20	s = self.model(session_key, self.encode(session_dict), expire_date)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	21	if session_dict:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	22	s.save()
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	23	else:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	24	s.delete() # Clear sessions with no data.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	25	return s
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	26
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	27
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	28	class Session(models.Model):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	29	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	30	Django provides full support for anonymous sessions. The session
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	31	framework lets you store and retrieve arbitrary data on a
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	32	per-site-visitor basis. It stores data on the server side and
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	33	abstracts the sending and receiving of cookies. Cookies contain a
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	34	session ID -- not the data itself.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	35
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	36	The Django sessions framework is entirely cookie-based. It does
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	37	not fall back to putting session IDs in URLs. This is an intentional
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	38	design decision. Not only does that behavior make URLs ugly, it makes
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	39	your site vulnerable to session-ID theft via the "Referer" header.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	40
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	41	For complete documentation on using Sessions in your code, consult
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	42	the sessions documentation that is shipped with Django (also available
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	43	on the Django website).
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	44	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	45	session_key = models.CharField(_('session key'), max_length=40,
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	46	primary_key=True)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	47	session_data = models.TextField(_('session data'))
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	48	expire_date = models.DateTimeField(_('expire date'))
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	49	objects = SessionManager()
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	50
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	51	class Meta:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	52	db_table = 'django_session'
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	53	verbose_name = _('session')
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	54	verbose_name_plural = _('sessions')
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	55
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	56	def get_decoded(self):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	57	encoded_data = base64.decodestring(self.session_data)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	58	pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	59	if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	60	from django.core.exceptions import SuspiciousOperation
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	61	raise SuspiciousOperation, "User tampered with session cookie."
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	62	try:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	63	return pickle.loads(pickled)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	64	# Unpickling can cause a variety of exceptions. If something happens,
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	65	# just return an empty dictionary (an empty session).
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	66	except:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	67	return {}

author	ymh <ymh.work@gmail.com>
	Wed, 20 Jan 2010 00:34:04 +0100
changeset 0	0d40e90630ef
child 29	cc9b7e14412b
permissions	-rw-r--r--