|
1 import os |
|
2 import tempfile |
|
3 from django.conf import settings |
|
4 from django.contrib.sessions.backends.base import SessionBase |
|
5 from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured |
|
6 |
|
7 class SessionStore(SessionBase): |
|
8 """ |
|
9 Implements a file based session store. |
|
10 """ |
|
11 def __init__(self, session_key=None): |
|
12 self.storage_path = getattr(settings, "SESSION_FILE_PATH", None) |
|
13 if not self.storage_path: |
|
14 self.storage_path = tempfile.gettempdir() |
|
15 |
|
16 # Make sure the storage path is valid. |
|
17 if not os.path.isdir(self.storage_path): |
|
18 raise ImproperlyConfigured("The session storage path %r doesn't exist. "\ |
|
19 "Please set your SESSION_FILE_PATH setting "\ |
|
20 "to an existing directory in which Django "\ |
|
21 "can store session data." % self.storage_path) |
|
22 |
|
23 self.file_prefix = settings.SESSION_COOKIE_NAME |
|
24 super(SessionStore, self).__init__(session_key) |
|
25 |
|
26 def _key_to_file(self, session_key=None): |
|
27 """ |
|
28 Get the file associated with this session key. |
|
29 """ |
|
30 if session_key is None: |
|
31 session_key = self.session_key |
|
32 |
|
33 # Make sure we're not vulnerable to directory traversal. Session keys |
|
34 # should always be md5s, so they should never contain directory components. |
|
35 if os.path.sep in session_key: |
|
36 raise SuspiciousOperation("Invalid characters (directory components) in session key") |
|
37 |
|
38 return os.path.join(self.storage_path, self.file_prefix + session_key) |
|
39 |
|
40 def load(self): |
|
41 session_data = {} |
|
42 try: |
|
43 session_file = open(self._key_to_file(), "rb") |
|
44 try: |
|
45 try: |
|
46 session_data = self.decode(session_file.read()) |
|
47 except(EOFError, SuspiciousOperation): |
|
48 self._session_key = self._get_new_session_key() |
|
49 self._session_cache = {} |
|
50 self.save() |
|
51 # Ensure the user is notified via a new cookie. |
|
52 self.modified = True |
|
53 finally: |
|
54 session_file.close() |
|
55 except(IOError): |
|
56 pass |
|
57 return session_data |
|
58 |
|
59 def save(self): |
|
60 try: |
|
61 f = open(self._key_to_file(self.session_key), "wb") |
|
62 try: |
|
63 f.write(self.encode(self._session)) |
|
64 finally: |
|
65 f.close() |
|
66 except(IOError, EOFError): |
|
67 pass |
|
68 |
|
69 def exists(self, session_key): |
|
70 if os.path.exists(self._key_to_file(session_key)): |
|
71 return True |
|
72 return False |
|
73 |
|
74 def delete(self, session_key): |
|
75 try: |
|
76 os.unlink(self._key_to_file(session_key)) |
|
77 except OSError: |
|
78 pass |
|
79 |
|
80 def clean(self): |
|
81 pass |