diff --git a/django/contrib/sessions/backends/base.py b/django/contrib/sessions/backends/base.py
index c8393f23c6..65bbe059eb 100644
--- a/django/contrib/sessions/backends/base.py
+++ b/django/contrib/sessions/backends/base.py
@@ -170,9 +170,13 @@ class SessionBase(object):
_session = property(_get_session)
- def get_expiry_age(self):
- """Get the number of seconds until the session expires."""
- expiry = self.get('_session_expiry')
+ def get_expiry_age(self, expiry=None):
+ """Get the number of seconds until the session expires.
+
+ expiry is an optional parameter specifying the datetime of expiry.
+ """
+ if expiry is None:
+ expiry = self.get('_session_expiry')
if not expiry: # Checks both None and 0 cases
return settings.SESSION_COOKIE_AGE
if not isinstance(expiry, datetime):
diff --git a/django/contrib/sessions/backends/cached_db.py b/django/contrib/sessions/backends/cached_db.py
index ff6076df77..8e4cf8b7e7 100644
--- a/django/contrib/sessions/backends/cached_db.py
+++ b/django/contrib/sessions/backends/cached_db.py
@@ -2,9 +2,10 @@
Cached, database-backed sessions.
"""
-from django.conf import settings
from django.contrib.sessions.backends.db import SessionStore as DBStore
from django.core.cache import cache
+from django.core.exceptions import SuspiciousOperation
+from django.utils import timezone
KEY_PREFIX = "django.contrib.sessions.cached_db"
@@ -28,9 +29,21 @@ class SessionStore(DBStore):
# Some backends (e.g. memcache) raise an exception on invalid
# cache keys. If this happens, reset the session. See #17810.
data = None
+
if data is None:
- data = super(SessionStore, self).load()
- cache.set(self.cache_key, data, settings.SESSION_COOKIE_AGE)
+ # Duplicate DBStore.load, because we need to keep track
+ # of the expiry date to set it properly in the cache.
+ try:
+ s = Session.objects.get(
+ session_key=self.session_key,
+ expire_date__gt=timezone.now()
+ )
+ data = self.decode(s.session_data)
+ cache.set(self.cache_key, data,
+ self.get_expiry_age(s.expire_date))
+ except (Session.DoesNotExist, SuspiciousOperation):
+ self.create()
+ data = {}
return data
def exists(self, session_key):
@@ -40,7 +53,7 @@ class SessionStore(DBStore):
def save(self, must_create=False):
super(SessionStore, self).save(must_create)
- cache.set(self.cache_key, self._session, settings.SESSION_COOKIE_AGE)
+ cache.set(self.cache_key, self._session, self.get_expiry_age())
def delete(self, session_key=None):
super(SessionStore, self).delete(session_key)
@@ -58,3 +71,7 @@ class SessionStore(DBStore):
self.clear()
self.delete(self.session_key)
self.create()
+
+
+# At bottom to avoid circular import
+from django.contrib.sessions.models import Session
diff --git a/django/contrib/sessions/backends/db.py b/django/contrib/sessions/backends/db.py
index babdb72c27..4dacc96000 100644
--- a/django/contrib/sessions/backends/db.py
+++ b/django/contrib/sessions/backends/db.py
@@ -14,7 +14,7 @@ class SessionStore(SessionBase):
def load(self):
try:
s = Session.objects.get(
- session_key = self.session_key,
+ session_key=self.session_key,
expire_date__gt=timezone.now()
)
return self.decode(s.session_data)
diff --git a/django/contrib/sessions/backends/signed_cookies.py b/django/contrib/sessions/backends/signed_cookies.py
index 41ba7af634..23915cf98c 100644
--- a/django/contrib/sessions/backends/signed_cookies.py
+++ b/django/contrib/sessions/backends/signed_cookies.py
@@ -32,6 +32,7 @@ class SessionStore(SessionBase):
try:
return signing.loads(self.session_key,
serializer=PickleSerializer,
+ # This doesn't handle non-default expiry dates, see #19201
max_age=settings.SESSION_COOKIE_AGE,
salt='django.contrib.sessions.backends.signed_cookies')
except (signing.BadSignature, ValueError):
diff --git a/django/contrib/sessions/tests.py b/django/contrib/sessions/tests.py
index fc2d8753d7..527e8eb331 100644
--- a/django/contrib/sessions/tests.py
+++ b/django/contrib/sessions/tests.py
@@ -83,7 +83,7 @@ class SessionTestsMixin(object):
self.session['some key'] = 1
self.session.modified = False
self.session.accessed = False
- self.assertTrue('some key' in self.session)
+ self.assertIn('some key', self.session)
self.assertTrue(self.session.accessed)
self.assertFalse(self.session.modified)
@@ -200,28 +200,28 @@ class SessionTestsMixin(object):
# Using seconds
self.session.set_expiry(10)
delta = self.session.get_expiry_date() - timezone.now()
- self.assertTrue(delta.seconds in (9, 10))
+ self.assertIn(delta.seconds, (9, 10))
age = self.session.get_expiry_age()
- self.assertTrue(age in (9, 10))
+ self.assertIn(age, (9, 10))
def test_custom_expiry_timedelta(self):
# Using timedelta
self.session.set_expiry(timedelta(seconds=10))
delta = self.session.get_expiry_date() - timezone.now()
- self.assertTrue(delta.seconds in (9, 10))
+ self.assertIn(delta.seconds, (9, 10))
age = self.session.get_expiry_age()
- self.assertTrue(age in (9, 10))
+ self.assertIn(age, (9, 10))
def test_custom_expiry_datetime(self):
# Using fixed datetime
self.session.set_expiry(timezone.now() + timedelta(seconds=10))
delta = self.session.get_expiry_date() - timezone.now()
- self.assertTrue(delta.seconds in (9, 10))
+ self.assertIn(delta.seconds, (9, 10))
age = self.session.get_expiry_age()
- self.assertTrue(age in (9, 10))
+ self.assertIn(age, (9, 10))
def test_custom_expiry_reset(self):
self.session.set_expiry(None)
@@ -258,6 +258,21 @@ class SessionTestsMixin(object):
encoded = self.session.encode(data)
self.assertEqual(self.session.decode(encoded), data)
+ def test_actual_expiry(self):
+ # Regression test for #19200
+ old_session_key = None
+ new_session_key = None
+ try:
+ self.session['foo'] = 'bar'
+ self.session.set_expiry(-timedelta(seconds=10))
+ self.session.create()
+ # With an expiry date in the past, the session expires instantly.
+ new_session = self.backend(self.session.session_key)
+ self.assertNotIn('foo', new_session)
+ finally:
+ self.session.delete(old_session_key)
+ self.session.delete(new_session_key)
+
class DatabaseSessionTests(SessionTestsMixin, TestCase):