1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
# -*- coding: utf-8 -*-
"""
flask_oldsessions
~~~~~~~~~~~~~~~~~
Implements cookie based sessions based on Werkzeug's secure cookie
system.
:copyright: (c) 2011 by Armin Ronacher.
:license: BSD, see LICENSE for more details.
"""
from werkzeug.contrib.securecookie import SecureCookie
from flask.sessions import SessionMixin, SessionInterface, \
SecureCookieSessionInterface
class OldSecureCookieSession(SecureCookie, SessionMixin):
"""Expands the session with support for switching between permanent
and non-permanent sessions.
"""
class OldSecureCookieSessionInterface(SessionInterface):
"""The cookie session interface that uses the Werkzeug securecookie
as client side session backend.
"""
session_class = OldSecureCookieSession
def open_session(self, app, request):
key = app.secret_key
if key is not None:
return self.session_class.load_cookie(request,
app.session_cookie_name,
secret_key=key)
def save_session(self, app, session, response):
expires = self.get_expiration_time(app, session)
domain = self.get_cookie_domain(app)
path = self.get_cookie_path(app)
httponly = self.get_cookie_httponly(app)
secure = self.get_cookie_secure(app)
if session.modified and not session:
response.delete_cookie(app.session_cookie_name, path=path,
domain=domain)
else:
session.save_cookie(response, app.session_cookie_name, path=path,
expires=expires, httponly=httponly,
secure=secure, domain=domain)
class UpgradingSessionInterface(SessionInterface):
"""A session interface that upgrades from one session system to
another one.
:param old_interface: the old session interface to use.
:class:`OldSecureCookieSessionInterface`.
:param new_interface: the new session interface to use.
:class:`flask.sessions.SecureCookieSessionInterface`
"""
def __init__(self, old_interface=None, new_interface=None):
if old_interface is None:
old_interface = OldSecureCookieSessionInterface()
if new_interface is None:
new_interface = SecureCookieSessionInterface()
self.old_interface = old_interface
self.new_interface = new_interface
@property
def null_session_class(self):
return self.new_interface.null_session_class
@property
def pickle_based(self):
return self.new_interface.pickle_based
@property
def session_class(self):
return self.new_interface.session_class
def is_null_session(self, obj):
return self.new_interface.is_null_session(obj) or \
self.old_interface.is_null_session(obj)
def open_session(self, app, request):
rv = self.new_interface.open_session(app, request)
if rv is None:
rv = self.old_interface.open_session(app, request)
# Upgrade the session class (this might very well break :()
if rv is not None and not self.is_null_session(rv) and \
not isinstance(rv, self.new_interface.session_class):
rv = self.new_interface.session_class(rv)
return rv
def save_session(self, app, session, response):
return self.new_interface.save_session(app, session, response)
|
