From bd452f90b2032d8d05def99caf6674919827375b Mon Sep 17 00:00:00 2001 From: mdipierro Date: Fri, 20 Sep 2013 08:36:52 -0500 Subject: [PATCH 1/2] session._fixup_before_save --- VERSION | 2 +- gluon/globals.py | 8 ++++++++ gluon/main.py | 8 ++------ 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/VERSION b/VERSION index 761c1f37..b4eaa75f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Version 2.6.3-stable+timestamp.2013.09.19.22.17.43 +Version 2.6.3-stable+timestamp.2013.09.20.08.35.53 diff --git a/gluon/globals.py b/gluon/globals.py index 2897ff56..359475bf 100644 --- a/gluon/globals.py +++ b/gluon/globals.py @@ -932,6 +932,14 @@ class Session(Storage): else: response.session_new = True + def _fixup_before_save(self): + response = current.response + rcookies = response.cookies + if self._forget and response.session_id_name in rcookies: + del rcookies[response.session_id_name] + elif self._secure and response.session_id_name in rcookies: + rcookies[response.session_id_name]['secure'] = True + def clear_session_cookies(sefl): request = current.request response = current.response diff --git a/gluon/main.py b/gluon/main.py index d8f664ee..2a17528c 100644 --- a/gluon/main.py +++ b/gluon/main.py @@ -503,12 +503,8 @@ def wsgibase(environ, responder): # store cookies in headers # ################################################## - rcookies = response.cookies - if session._forget and response.session_id_name in rcookies: - del rcookies[response.session_id_name] - elif session._secure: - rcookies[response.session_id_name]['secure'] = True - http_response.cookies2headers(rcookies) + session._fixup_before_save() + http_response.cookies2headers(response.cookies) ticket = None From 13f8b1a10ca40b91e542001bb56c4b2b89d49052 Mon Sep 17 00:00:00 2001 
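Review bot: `_fixup_before_save` in gluon/globals.py is the last visible place where the session cookie's attributes are adjusted before serialisation, and it only ever sets `secure`; nothing in the hunk marks the cookie `HttpOnly`, so unless that is done elsewhere, script running in a page can read the session id. Consider adding `rcookies[response.session_id_name]['httponly'] = True` beside the `secure` assignment (where the running Cookie module accepts that attribute), with an opt-out for applications that need script access. The method also deserves a one-line docstring, e.g. `"""Drop or harden the session-id cookie just before response cookies are serialised."""`, because its name does not say it acts on cookies. The added `response.session_id_name in rcookies` test on the `elif` also avoids the KeyError the old inline code in gluon/main.py could raise when no session cookie had been set; the commit message should mention that behaviour change.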
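Review bot: In gluon/main.py the forget and Secure handling of the session cookie now depends entirely on `session._fixup_before_save()` running immediately before `http_response.cookies2headers(response.cookies)`, yet the banner comment above still says only "store cookies in headers". A short comment such as `# drop or mark the session cookie (forget/secure) before it is serialised` would keep a later edit from reordering or removing the call. Any other path that serialises `response.cookies` (none is visible in this hunk) would need the same call, otherwise the session cookie goes out without the Secure flag there. The body of `wsgibase` starts and ends outside the hunk.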
From: Joel Rathgaber Date: Fri, 20 Sep 2013 13:29:50 -0600 Subject: [PATCH 2/2] Edited cookie handling code when using a db to store sessions - Session id cookie is always sent back to client in response - When no cookie is sent in as a request, a new session id is created --- gluon/globals.py | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/gluon/globals.py b/gluon/globals.py index 359475bf..1ef01c0b 100644 --- a/gluon/globals.py +++ b/gluon/globals.py @@ -858,15 +858,23 @@ class Session(Storage): else: response.session_id = None response.session_new = True - + # if there is no session id yet, we'll need to create a + # new session + else: + response.session_new = True # set the cookie now if you know the session_id so user can set # cookie attributes in controllers/models # cookie will be reset later # yet cookie may be reset later - if (isinstance(response.session_id,str) and - response.session_id!=old_session_id): + # Removed comparison between old and new session ids - should send + # the cookie all the time + if isinstance(response.session_id,str): response.cookies[response.session_id_name] = response.session_id + response.cookies[response.session_id_name]['path'] = '/' + if cookie_expires: + response.cookies[response.session_id_name]['expires'] = \ + cookie_expires.strftime(FMT) session_pickled = cPickle.dumps(self) response.session_hash = hashlib.md5(session_pickled).hexdigest() 
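Review bot: Every response now carries a `Set-Cookie` with the session identifier, because the `old_session_id` comparison is gone and the `if isinstance(response.session_id,str):` branch attaches the cookie unconditionally. If any of those responses can be stored by a shared cache, the identifier could be served to another client, so it is worth confirming that they are sent non-cacheable (not visible in this hunk). The comment `# Removed comparison between old and new session ids - should send the cookie all the time` records history rather than intent; something like `# always re-send the id cookie: db-backed sessions need the client to echo it back` would age better (the reason is inferred from the commit message). `cookie_expires` and `FMT` are defined outside the hunk, and `old_session_id` may now be unused.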
@@ -1035,10 +1043,10 @@ class Session(Storage):
 def _try_store_in_db(self, request, response):
 # don't save if file-based sessions,
 # no session id, or session being forgotten
- # or no changes to session
-
+ # or no changes to session (Unless the session is new)
 if (not response.session_db_table or
- self._forget or self._unchanged(response)):
+ self._forget or
+ (self._unchanged(response) and not response.session_new)):
 if (not response.session_db_table and
 global_settings.db_sessions is not True and
 response.session_masterapp in global_settings.db_sessions):
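Review bot: The new condition in `_try_store_in_db` stores a session whenever `response.session_new` is true, even when it is unchanged, and per the commit message a new session id is created for every request that arrives without a cookie. Together that appears to mean each cookieless request (crawlers, health checks, clients that refuse cookies) writes a row to the session table, and nothing in the hunk bounds that growth. It is worth confirming that stale rows are expired, or keeping the write conditional on the new session actually holding data. The comment `# or no changes to session (Unless the session is new)` should say why a new, unchanged session must still be written. The function body continues past the end of the hunk.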