Coverage for /var/srv/projects/api.amasfac.comuna18.com/tmp/venv/lib/python3.9/site-packages/django/contrib/sessions/middleware.py: 59%
42 statements
« prev ^ index » next coverage.py v6.4.4, created at 2023-07-17 14:22 -0600
« prev ^ index » next coverage.py v6.4.4, created at 2023-07-17 14:22 -0600
1import time
2from importlib import import_module
4from django.conf import settings
5from django.contrib.sessions.backends.base import UpdateError
6from django.contrib.sessions.exceptions import SessionInterrupted
7from django.utils.cache import patch_vary_headers
8from django.utils.deprecation import MiddlewareMixin
9from django.utils.http import http_date
12class SessionMiddleware(MiddlewareMixin):
13 def __init__(self, get_response):
14 super().__init__(get_response)
15 engine = import_module(settings.SESSION_ENGINE)
16 self.SessionStore = engine.SessionStore
18 def process_request(self, request):
19 session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME)
20 request.session = self.SessionStore(session_key)
22 def process_response(self, request, response):
23 """
24 If request.session was modified, or if the configuration is to save the
25 session every time, save the changes and set a session cookie or delete
26 the session cookie if the session has been emptied.
27 """
28 try:
29 accessed = request.session.accessed
30 modified = request.session.modified
31 empty = request.session.is_empty()
32 except AttributeError:
33 return response
34 # First check if we need to delete this cookie.
35 # The session should be deleted only if the session is entirely empty.
36 if settings.SESSION_COOKIE_NAME in request.COOKIES and empty: 36 ↛ 37line 36 didn't jump to line 37, because the condition on line 36 was never true
37 response.delete_cookie(
38 settings.SESSION_COOKIE_NAME,
39 path=settings.SESSION_COOKIE_PATH,
40 domain=settings.SESSION_COOKIE_DOMAIN,
41 samesite=settings.SESSION_COOKIE_SAMESITE,
42 )
43 patch_vary_headers(response, ("Cookie",))
44 else:
45 if accessed:
46 patch_vary_headers(response, ("Cookie",))
47 if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty: 47 ↛ 48line 47 didn't jump to line 48, because the condition on line 47 was never true
48 if request.session.get_expire_at_browser_close():
49 max_age = None
50 expires = None
51 else:
52 max_age = request.session.get_expiry_age()
53 expires_time = time.time() + max_age
54 expires = http_date(expires_time)
55 # Save the session data and refresh the client cookie.
56 # Skip session save for 500 responses, refs #3881.
57 if response.status_code != 500:
58 try:
59 request.session.save()
60 except UpdateError:
61 raise SessionInterrupted(
62 "The request's session was deleted before the "
63 "request completed. The user may have logged "
64 "out in a concurrent request, for example."
65 )
66 response.set_cookie(
67 settings.SESSION_COOKIE_NAME,
68 request.session.session_key,
69 max_age=max_age,
70 expires=expires,
71 domain=settings.SESSION_COOKIE_DOMAIN,
72 path=settings.SESSION_COOKIE_PATH,
73 secure=settings.SESSION_COOKIE_SECURE or None,
74 httponly=settings.SESSION_COOKIE_HTTPONLY or None,
75 samesite=settings.SESSION_COOKIE_SAMESITE,
76 )
77 return response