webapp/django/contrib/sessions/models.py - gerrit-attic - Git at Google

 import base64
 import cPickle as pickle

 from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
 from django.utils.hashcompat import md5_constructor


 class SessionManager(models.Manager):
     def encode(self, session_dict):
         """
         Returns the given session dictionary pickled and encoded as a string.
         """
         pickled = pickle.dumps(session_dict)
         pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
         return base64.encodestring(pickled + pickled_md5)

     def save(self, session_key, session_dict, expire_date):
         s = self.model(session_key, self.encode(session_dict), expire_date)
         if session_dict:
             s.save()
         else:
             s.delete() # Clear sessions with no data.
         return s


 class Session(models.Model):
     """
     Django provides full support for anonymous sessions. The session
     framework lets you store and retrieve arbitrary data on a
     per-site-visitor basis. It stores data on the server side and
     abstracts the sending and receiving of cookies. Cookies contain a
     session ID -- not the data itself.

     The Django sessions framework is entirely cookie-based. It does
     not fall back to putting session IDs in URLs. This is an intentional
     design decision. Not only does that behavior make URLs ugly, it makes
     your site vulnerable to session-ID theft via the "Referer" header.

     For complete documentation on using Sessions in your code, consult
     the sessions documentation that is shipped with Django (also available
     on the Django website).
     """
     session_key = models.CharField(_('session key'), max_length=40,
                                    primary_key=True)
     session_data = models.TextField(_('session data'))
     expire_date = models.DateTimeField(_('expire date'))
     objects = SessionManager()

     class Meta:
         db_table = 'django_session'
         verbose_name = _('session')
         verbose_name_plural = _('sessions')

     def get_decoded(self):
         encoded_data = base64.decodestring(self.session_data)
         pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
         if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
             from django.core.exceptions import SuspiciousOperation
             raise SuspiciousOperation, "User tampered with session cookie."
         try:
             return pickle.loads(pickled)
         # Unpickling can cause a variety of exceptions. If something happens,
         # just return an empty dictionary (an empty session).
         except:
             return {}
	import base64
	import cPickle as pickle

	from django.db import models
	from django.utils.translation import ugettext_lazy as _
	from django.conf import settings
	from django.utils.hashcompat import md5_constructor


	class SessionManager(models.Manager):
	def encode(self, session_dict):
	"""
	Returns the given session dictionary pickled and encoded as a string.
	"""
	pickled = pickle.dumps(session_dict)
	pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest()
	return base64.encodestring(pickled + pickled_md5)

	def save(self, session_key, session_dict, expire_date):
	s = self.model(session_key, self.encode(session_dict), expire_date)
	if session_dict:
	s.save()
	else:
	s.delete() # Clear sessions with no data.
	return s


	class Session(models.Model):
	"""
	Django provides full support for anonymous sessions. The session
	framework lets you store and retrieve arbitrary data on a
	per-site-visitor basis. It stores data on the server side and
	abstracts the sending and receiving of cookies. Cookies contain a
	session ID -- not the data itself.

	The Django sessions framework is entirely cookie-based. It does
	not fall back to putting session IDs in URLs. This is an intentional
	design decision. Not only does that behavior make URLs ugly, it makes
	your site vulnerable to session-ID theft via the "Referer" header.

	For complete documentation on using Sessions in your code, consult
	the sessions documentation that is shipped with Django (also available
	on the Django website).
	"""
	session_key = models.CharField(_('session key'), max_length=40,
	primary_key=True)
	session_data = models.TextField(_('session data'))
	expire_date = models.DateTimeField(_('expire date'))
	objects = SessionManager()

	class Meta:
	db_table = 'django_session'
	verbose_name = _('session')
	verbose_name_plural = _('sessions')

	def get_decoded(self):
	encoded_data = base64.decodestring(self.session_data)
	pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]
	if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:
	from django.core.exceptions import SuspiciousOperation
	raise SuspiciousOperation, "User tampered with session cookie."
	try:
	return pickle.loads(pickled)
	# Unpickling can cause a variety of exceptions. If something happens,
	# just return an empty dictionary (an empty session).
	except:
	return {}