mirror of
https://github.com/django/django.git
synced 2024-12-22 17:16:24 +00:00
Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using SESSION_COOKIE_PATH.
This commit is contained in:
parent
140c235026
commit
d13881bd34
@ -35,7 +35,11 @@ class SessionMiddleware(MiddlewareMixin):
|
|||||||
# First check if we need to delete this cookie.
|
# First check if we need to delete this cookie.
|
||||||
# The session should be deleted only if the session is entirely empty
|
# The session should be deleted only if the session is entirely empty
|
||||||
if settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
|
if settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
|
||||||
response.delete_cookie(settings.SESSION_COOKIE_NAME, domain=settings.SESSION_COOKIE_DOMAIN)
|
response.delete_cookie(
|
||||||
|
settings.SESSION_COOKIE_NAME,
|
||||||
|
path=settings.SESSION_COOKIE_PATH,
|
||||||
|
domain=settings.SESSION_COOKIE_DOMAIN,
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
if accessed:
|
if accessed:
|
||||||
patch_vary_headers(response, ('Cookie',))
|
patch_vary_headers(response, ('Cookie',))
|
||||||
|
@ -746,8 +746,8 @@ class SessionMiddlewareTests(TestCase):
|
|||||||
str(response.cookies[settings.SESSION_COOKIE_NAME])
|
str(response.cookies[settings.SESSION_COOKIE_NAME])
|
||||||
)
|
)
|
||||||
|
|
||||||
@override_settings(SESSION_COOKIE_DOMAIN='.example.local')
|
@override_settings(SESSION_COOKIE_DOMAIN='.example.local', SESSION_COOKIE_PATH='/example/')
|
||||||
def test_session_delete_on_end_with_custom_domain(self):
|
def test_session_delete_on_end_with_custom_domain_and_path(self):
|
||||||
request = RequestFactory().get('/')
|
request = RequestFactory().get('/')
|
||||||
response = HttpResponse('Session test')
|
response = HttpResponse('Session test')
|
||||||
middleware = SessionMiddleware()
|
middleware = SessionMiddleware()
|
||||||
@ -763,12 +763,13 @@ class SessionMiddlewareTests(TestCase):
|
|||||||
response = middleware.process_response(request, response)
|
response = middleware.process_response(request, response)
|
||||||
|
|
||||||
# Check that the cookie was deleted, not recreated.
|
# Check that the cookie was deleted, not recreated.
|
||||||
# A deleted cookie header with a custom domain looks like:
|
# A deleted cookie header with a custom domain and path looks like:
|
||||||
# Set-Cookie: sessionid=; Domain=.example.local;
|
# Set-Cookie: sessionid=; Domain=.example.local;
|
||||||
# expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
|
# expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0;
|
||||||
|
# Path=/example/
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
'Set-Cookie: {}={}; Domain=.example.local; expires=Thu, '
|
'Set-Cookie: {}={}; Domain=.example.local; expires=Thu, '
|
||||||
'01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/'.format(
|
'01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/example/'.format(
|
||||||
settings.SESSION_COOKIE_NAME,
|
settings.SESSION_COOKIE_NAME,
|
||||||
'""' if sys.version_info >= (3, 5) else '',
|
'""' if sys.version_info >= (3, 5) else '',
|
||||||
),
|
),
|
||||||
|
Loading…
Reference in New Issue
Block a user