From c5f70d02214040c845c949a21b38edf89b1301f9 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Mon, 27 Sep 2010 21:08:34 -0700
Subject: [PATCH] some extra caution for session management
---
 auth/auth_systems/password.py | 4 ++--
 auth/views.py | 11 +++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/auth/auth_systems/password.py b/auth/auth_systems/password.py
index e9b6e0f..f57dfb7 100644
--- a/auth/auth_systems/password.py
+++ b/auth/auth_systems/password.py
@@ -57,7 +57,7 @@ def password_login_view(request):
 if request.POST.has_key('return_url'):
 request.session['auth_return_url'] = request.POST.get('return_url')
- request.session['user'] = user
+ request.session['password_user'] = user
 return HttpResponseRedirect(reverse(after))
 except User.DoesNotExist:
 pass
@@ -101,7 +101,7 @@ def get_auth_url(request, redirect_url = None):
 return reverse(password_login_view)
 def get_user_info_after_auth(request):
- user = request.session['user']
+ user = request.session['password_user']
 user_info = user.info
 return {'type': 'password', 'user_id' : user.user_id, 'name': user.name, 'info': user.info, 'token': None}
diff --git a/auth/views.py b/auth/views.py
index 7aef37c..605fe17 100644
--- a/auth/views.py
+++ b/auth/views.py
@@ -81,6 +81,12 @@ def do_local_logout(request):
 # but we definitely kill the session and renew
 # the cookie
 field_names_to_save = request.session.get(FIELDS_TO_SAVE, [])
+
+ # let's clean up the self-referential issue:
+ field_names_to_save = set(field_names_to_save)
+ field_names_to_save.remove(FIELDS_TO_SAVE)
+ field_names_to_save = list(field_names_to_save)
+
 fields_to_save = dict([(name, request.session.get(name, None)) for name in field_names_to_save])
 # let's not forget to save the list of fields to save
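Review bot: The renamed `request.session['password_user'] = user` still writes the whole User instance into the session at the moment of authentication, and nothing in this hunk rotates the session identifier first, so a session id that existed before login keeps its value after the user is authenticated. Rotating it is one line placed before the assignment, `request.session.cycle_key()`, and storing only `user.user_id` (re-fetching the row in `get_user_info_after_auth`) would avoid pickling a model instance whose fields may go stale. The body of password_login_view begins before this hunk, so if the rotation already happens earlier in the view this note does not apply.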
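Review bot: In get_user_info_after_auth the local `user_info = user.info` is assigned and then never used, because the returned dict reads `user.info` again; either drop the local or use it, `'info': user_info`. The new `user = request.session['password_user']` also raises a bare KeyError (a 500) when the key is absent, which is the case for any session that was created under the old 'user' key before this change; a short comment saying that the key is set only by password_login_view, and a `request.session.get('password_user')` with an explicit failure path, would make that expectation visible. The function may continue past the last line of the hunk.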
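Review bot: `field_names_to_save.remove(FIELDS_TO_SAVE)` raises KeyError whenever the list does not contain that name, and the line just above it defaults to `[]` when the session has no FIELDS_TO_SAVE entry, so a logout from a session that never saved fields will now fail with a 500. Use `field_names_to_save.discard(FIELDS_TO_SAVE)`, which is a no-op when the element is absent; the surrounding set/list conversions can then stay as they are. The new comment `# let's clean up the self-referential issue:` would read better as `# FIELDS_TO_SAVE must not list itself, or it would be re-saved along with the fields it names`. do_local_logout continues beyond the end of the hunk.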
@@ -126,8 +132,9 @@ def logout(request):
 def start(request, system_name):
 if not (system_name in auth.ENABLED_AUTH_SYSTEMS):
 return HttpResponseRedirect(reverse(index))
-
- request.session.save()
+
+ # why is this here? Let's try without it
+ # request.session.save()
 # store in the session the name of the system used for auth
 request.session['auth_system_name'] = system_name
--
GitLab
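Review bot: The commented-out `# request.session.save()` together with `# why is this here? Let's try without it` leaves a question in the code instead of a decision; the reasoning belongs in the commit message and the dead call should be deleted rather than kept as a comment. The assignment on the next line, `request.session['auth_system_name'] = system_name`, marks the session as modified, so the session middleware persists it when the response is returned and the explicit save is redundant for that purpose. If the call was meant to force creation of a session key before redirecting to an external auth system, say so in a one-line comment where the assignment is; otherwise remove both added comment lines.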