[ckan-changes] [okfn/ckan] cc6ab6: Remove session cooky after request has been proces...

GitHub noreply at github.com
Tue May 1 13:17:11 UTC 2012


  Branch: refs/heads/release-v1.6.1
  Home:   https://github.com/okfn/ckan
  Commit: cc6ab63185580ecc44652d21fe6b491db458c15e
      https://github.com/okfn/ckan/commit/cc6ab63185580ecc44652d21fe6b491db458c15e
  Author: David Read <david.read at hackneyworkshop.com>
  Date:   2012-05-01 (Tue, 01 May 2012)

  Changed paths:
    M ckan/lib/base.py

  Log Message:
  -----------
  Remove session cookie after request has been processed. This caused an obscure bug in DGU when you tried to save the session straight in the next request after deleting it. If you check after the request is done, then you take account of the wishes in that request. Therefore you also do not need the check to see if you are on a particular page that might create the session.


diff --git a/ckan/lib/base.py b/ckan/lib/base.py
index 3d46b45..5b8c908 100644
--- a/ckan/lib/base.py
+++ b/ckan/lib/base.py
@@ -187,41 +187,41 @@ def __call__(self, environ, start_response):
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
 
+        try:
+            res = WSGIController.__call__(self, environ, start_response)
+        finally:
+            model.Session.remove()
+
         # Clean out any old cookies as they may contain api keys etc
         # This also improves the cachability of our pages as cookies
         # prevent proxy servers from caching content unless they have
         # been configured to ignore them.
-        # we do not want to clear cookies when setting the user lang
-        if not environ.get('PATH_INFO').startswith('/user/set_lang'):
-            for cookie in request.cookies:
-                if cookie.startswith('ckan') and cookie not in ['ckan']:
-                    response.delete_cookie(cookie)
-                # Remove the ckan session cookie if not used e.g. logged out
-                elif cookie == 'ckan' and not c.user:
-                    # Check session for valid data (including flash messages)
-                    # (DGU also uses session for a shopping basket-type behaviour)
-                    is_valid_cookie_data = False
-                    for key, value in session.items():
-                        if not key.startswith('_') and value:
-                            is_valid_cookie_data = True
-                            break
-                    if not is_valid_cookie_data:
-                        if session.id:
-                            if not session.get('lang'):
-                                self.log.debug('No session data any more - deleting session')
-                                self.log.debug('Session: %r', session.items())
-                                session.delete()
-                        else:
-                            response.delete_cookie(cookie)
-                            self.log.debug('No session data any more - deleting session cookie')
-                # Remove auth_tkt repoze.who cookie if user not logged in.
-                elif cookie == 'auth_tkt' and not session.id:
-                    response.delete_cookie(cookie)
-
-        try:
-            return WSGIController.__call__(self, environ, start_response)
-        finally:
-            model.Session.remove()
+        for cookie in request.cookies:
+            if cookie.startswith('ckan') and cookie not in ['ckan']:
+                response.delete_cookie(cookie)
+            # Remove the ckan session cookie if not used e.g. logged out
+            elif cookie == 'ckan' and not c.user:
+                # Check session for valid data (including flash messages)
+                # (DGU also uses session for a shopping basket-type behaviour)
+                is_valid_cookie_data = False
+                for key, value in session.items():
+                    if not key.startswith('_') and value:
+                        is_valid_cookie_data = True
+                        break
+                if not is_valid_cookie_data:
+                    if session.id:
+                        if not session.get('lang'):
+                            self.log.debug('No session data any more - deleting session')
+                            self.log.debug('Session: %r', session.items())
+                            session.delete()
+                    else:
+                        response.delete_cookie(cookie)
+                        self.log.debug('No session data any more - deleting session cookie')
+            # Remove auth_tkt repoze.who cookie if user not logged in.
+            elif cookie == 'auth_tkt' and not session.id:
+                response.delete_cookie(cookie)
+
+        return res
 
     def __after__(self, action, **params):
         self._set_cors()
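Review bot: The cleanup loop starting at `for cookie in request.cookies:` now calls `response.delete_cookie(...)` only after `WSGIController.__call__` has returned, and nothing in the hunk shows that the response headers are still open at that point. If `start_response` is invoked inside that call (not visible here), the deletions of the `ckan*` and `auth_tkt` cookies, which the comment says may contain API keys, would never reach the client. That is worth confirming with a test that asserts the expiring `Set-Cookie` header on a logged-out request. The loop also sits outside the `try`/`finally`, so it is skipped entirely when the controller call raises. I would record the ordering constraint above the loop, e.g. `# Runs after the action so session changes made in this request are seen; requires that response headers have not been sent yet.` The body of `__call__` starts above the hunk, so how `c.user` and `session` are populated could not be checked.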


================================================================


