import base64

import md5

import cPickle as pickle

from django.db import models

from django.utils.translation import ugettext_lazy as _

from django.conf import settings

class SessionManager(models.Manager):

    def encode(self, session_dict):

        "Returns the given session dictionary pickled and encoded as a string."

        pickled = pickle.dumps(session_dict)

        pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest()

        return base64.encodestring(pickled + pickled_md5)

    def save(self, session_key, session_dict, expire_date):

        s = self.model(session_key, self.encode(session_dict), expire_date)

        if session_dict:

            s.save()

        else:

            s.delete() # Clear sessions with no data.

        return s

class Session(models.Model):

    """

    Django provides full support for anonymous sessions. The session

    framework lets you store and retrieve arbitrary data on a

    per-site-visitor basis. It stores data on the server side and

    abstracts the sending and receiving of cookies. Cookies contain a

    session ID -- not the data itself.

    The Django sessions framework is entirely cookie-based. It does

    not fall back to putting session IDs in URLs. This is an intentional

    design decision. Not only does that behavior make URLs ugly, it makes

    your site vulnerable to session-ID theft via the "Referer" header.

    For complete documentation on using Sessions in your code, consult

    the sessions documentation that is shipped with Django (also available

    on the Django website).

    """

    session_key = models.CharField(_('session key'), max_length=40, primary_key=True)

    session_data = models.TextField(_('session data'))

    expire_date = models.DateTimeField(_('expire date'))

    objects = SessionManager()

    class Meta:

        db_table = 'django_session'

        verbose_name = _('session')

        verbose_name_plural = _('sessions')

    def get_decoded(self):

        encoded_data = base64.decodestring(self.session_data)

        pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]

        if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check:

            from django.core.exceptions import SuspiciousOperation

            raise SuspiciousOperation, "User tampered with session cookie."

        try:

            return pickle.loads(pickled)

        # Unpickling can cause a variety of exceptions. If something happens,

        # just return an empty dictionary (an empty session).

        except:

            return {}