Diffstat (limited to 'django/contrib/sessions')
-rw-r--r-- | django/contrib/sessions/backends/base.py | 10 | ||||
-rw-r--r-- | django/contrib/sessions/backends/cache.py | 2 | ||||
-rw-r--r-- | django/contrib/sessions/backends/db.py | 3 | ||||
-rw-r--r-- | django/contrib/sessions/middleware.py | 5 | ||||
-rw-r--r-- | django/contrib/sessions/models.py | 6 |
5 files changed, 8 insertions, 18 deletions
diff --git a/django/contrib/sessions/backends/base.py b/django/contrib/sessions/backends/base.py index b40fba6e6e..7153b8a267 100644 --- a/django/contrib/sessions/backends/base.py +++ b/django/contrib/sessions/backends/base.py @@ -1,5 +1,4 @@ import base64 -import md5 import os import random import sys @@ -12,6 +11,7 @@ except ImportError: from django.conf import settings from django.core.exceptions import SuspiciousOperation +from django.utils.hashcompat import md5_constructor class SessionBase(object): @@ -73,13 +73,13 @@ class SessionBase(object): def encode(self, session_dict): "Returns the given session dictionary pickled and encoded as a string." pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL) - pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest() + pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest() return base64.encodestring(pickled + pickled_md5) def decode(self, session_data): encoded_data = base64.decodestring(session_data) pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] - if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: + if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: raise SuspiciousOperation("User tampered with session cookie.") try: return pickle.loads(pickled) @@ -117,8 +117,8 @@ class SessionBase(object): # No getpid() in Jython, for example pid = 1 while 1: - session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1), - pid, time.time(), settings.SECRET_KEY)).hexdigest() + session_key = md5_constructor("%s%s%s%s" % (random.randint(0, sys.maxint - 1), + pid, time.time(), settings.SECRET_KEY)).hexdigest() if not self.exists(session_key): break return session_key diff --git a/django/contrib/sessions/backends/cache.py b/django/contrib/sessions/backends/cache.py index 7e171e8309..5ffb5a136b 100644 --- a/django/contrib/sessions/backends/cache.py +++ b/django/contrib/sessions/backends/cache.py 
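Review bot: In `encode` and `decode` the tamper check is still `md5_constructor(pickled + settings.SECRET_KEY).hexdigest()` compared with `!=`, and that check is the only gate in front of `pickle.loads(pickled)`. Hashing the message with the secret appended is not a keyed MAC, and `!=` on the hex digests stops at the first differing character; the conventional form is the standard `hmac` module keyed with `settings.SECRET_KEY` over `pickled`, with a comparison that does not exit early. A new tag format would invalidate stored sessions, so that is a follow-up rather than part of this swap, but the line deserves a comment now: `# Integrity tag is the only check before pickle.loads(); treat any weakness here as unsafe deserialization.` The same construction appears in `SessionManager.encode` and `Session.get_decoded` in models.py, and `decode` continues past the end of this hunk.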
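Review bot: The session key in the `while 1:` loop is still derived from `random.randint(0, sys.maxint - 1)`, the pid and `time.time()`, which are either output of a non-cryptographic generator or guessable; only `settings.SECRET_KEY` is secret, and it is the same for every key. The key is what the cookie presents to identify a session, so its random part should come from the OS source where the interpreter provides one, e.g. `random.SystemRandom().randint(0, sys.maxint - 1)` with the current call as a fallback. The enclosing method starts above the hunk, so how `random` is seeded is not visible here.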
@@ -1,8 +1,6 @@ -from django.conf import settings from django.contrib.sessions.backends.base import SessionBase from django.core.cache import cache - class SessionStore(SessionBase): """ A cache-based session store. diff --git a/django/contrib/sessions/backends/db.py b/django/contrib/sessions/backends/db.py index 67132c7560..add3d70074 100644 --- a/django/contrib/sessions/backends/db.py +++ b/django/contrib/sessions/backends/db.py @@ -1,11 +1,8 @@ import datetime - -from django.conf import settings from django.contrib.sessions.models import Session from django.contrib.sessions.backends.base import SessionBase from django.core.exceptions import SuspiciousOperation - class SessionStore(SessionBase): """ Implements database session store. diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py index 238d6095e5..ce6e678ebc 100644 --- a/django/contrib/sessions/middleware.py +++ b/django/contrib/sessions/middleware.py @@ -4,12 +4,7 @@ from django.conf import settings from django.utils.cache import patch_vary_headers from django.utils.http import cookie_date -TEST_COOKIE_NAME = 'testcookie' -TEST_COOKIE_VALUE = 'worked' - - class SessionMiddleware(object): - def process_request(self, request): engine = __import__(settings.SESSION_ENGINE, {}, {}, ['']) session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None) diff --git a/django/contrib/sessions/models.py b/django/contrib/sessions/models.py index 70fce3b226..cf2865fcc8 100644 --- a/django/contrib/sessions/models.py +++ b/django/contrib/sessions/models.py @@ -1,10 +1,10 @@ import base64 -import md5 import cPickle as pickle from django.db import models from django.utils.translation import ugettext_lazy as _ from django.conf import settings +from django.utils.hashcompat import md5_constructor class SessionManager(models.Manager): 
@@ -13,7 +13,7 @@ class SessionManager(models.Manager): Returns the given session dictionary pickled and encoded as a string. """ pickled = pickle.dumps(session_dict) - pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest() + pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest() return base64.encodestring(pickled + pickled_md5) def save(self, session_key, session_dict, expire_date): @@ -56,7 +56,7 @@ class Session(models.Model): def get_decoded(self): encoded_data = base64.decodestring(self.session_data) pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] - if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: + if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: from django.core.exceptions import SuspiciousOperation raise SuspiciousOperation, "User tampered with session cookie." try: |
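Review bot: `SessionManager.encode` and `Session.get_decoded` repeat the tag computation from `SessionBase.encode`/`decode` in backends/base.py, so this commit had to make the same edit four times, and any later change to the integrity check will have to as well. The copies have already drifted: this `encode` calls `pickle.dumps(session_dict)` while base.py passes `pickle.HIGHEST_PROTOCOL`. If the import graph allows it (not visible here), delegate to one shared helper; otherwise mark both sites with `# Keep in sync with SessionBase.encode()/decode() in backends/base.py`. Both methods extend beyond their hunks.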