1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00

Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using SESSION_COOKIE_PATH.

This commit is contained in:
Jon Dufresne 2016-06-21 08:03:25 -07:00 committed by Tim Graham
parent 140c235026
commit d13881bd34
2 changed files with 11 additions and 6 deletions

View File

@ -35,7 +35,11 @@ class SessionMiddleware(MiddlewareMixin):
# First check if we need to delete this cookie. # First check if we need to delete this cookie.
# The session should be deleted only if the session is entirely empty # The session should be deleted only if the session is entirely empty
if settings.SESSION_COOKIE_NAME in request.COOKIES and empty: if settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
response.delete_cookie(settings.SESSION_COOKIE_NAME, domain=settings.SESSION_COOKIE_DOMAIN) response.delete_cookie(
settings.SESSION_COOKIE_NAME,
path=settings.SESSION_COOKIE_PATH,
domain=settings.SESSION_COOKIE_DOMAIN,
)
else: else:
if accessed: if accessed:
patch_vary_headers(response, ('Cookie',)) patch_vary_headers(response, ('Cookie',))

View File

@ -746,8 +746,8 @@ class SessionMiddlewareTests(TestCase):
str(response.cookies[settings.SESSION_COOKIE_NAME]) str(response.cookies[settings.SESSION_COOKIE_NAME])
) )
@override_settings(SESSION_COOKIE_DOMAIN='.example.local') @override_settings(SESSION_COOKIE_DOMAIN='.example.local', SESSION_COOKIE_PATH='/example/')
def test_session_delete_on_end_with_custom_domain(self): def test_session_delete_on_end_with_custom_domain_and_path(self):
request = RequestFactory().get('/') request = RequestFactory().get('/')
response = HttpResponse('Session test') response = HttpResponse('Session test')
middleware = SessionMiddleware() middleware = SessionMiddleware()
@ -763,12 +763,13 @@ class SessionMiddlewareTests(TestCase):
response = middleware.process_response(request, response) response = middleware.process_response(request, response)
# Check that the cookie was deleted, not recreated. # Check that the cookie was deleted, not recreated.
# A deleted cookie header with a custom domain looks like: # A deleted cookie header with a custom domain and path looks like:
# Set-Cookie: sessionid=; Domain=.example.local; # Set-Cookie: sessionid=; Domain=.example.local;
# expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/ # expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0;
# Path=/example/
self.assertEqual( self.assertEqual(
'Set-Cookie: {}={}; Domain=.example.local; expires=Thu, ' 'Set-Cookie: {}={}; Domain=.example.local; expires=Thu, '
'01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/'.format( '01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/example/'.format(
settings.SESSION_COOKIE_NAME, settings.SESSION_COOKIE_NAME,
'""' if sys.version_info >= (3, 5) else '', '""' if sys.version_info >= (3, 5) else '',
), ),