diff options
author | Robert Brewer <fumanchu@aminus.org> | 2008-03-16 15:33:19 +0000 |
---|---|---|
committer | Robert Brewer <fumanchu@aminus.org> | 2008-03-16 15:33:19 +0000 |
commit | 6c30e9e08e8d047bf1e8fd762f2c4150586d04d4 (patch) | |
tree | 06b5a5b42afc3edd01c6a0f94233507ee07f7340 | |
parent | 5eaa126aaea150704406c1688557149ec4cbdb78 (diff) | |
download | cherrypy-6c30e9e08e8d047bf1e8fd762f2c4150586d04d4.tar.gz |
Fix for #799 (_test_concurrency fails periodically). Turns out the anti-malicious-session-id stuff was returning None in some cases because it didn't use the lock file. Fixed by making init use os.path.exists (etc) instead of session._load.
-rw-r--r-- | cherrypy/lib/sessions.py | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/cherrypy/lib/sessions.py b/cherrypy/lib/sessions.py index 2a46627e..aa64d40e 100644 --- a/cherrypy/lib/sessions.py +++ b/cherrypy/lib/sessions.py @@ -73,7 +73,7 @@ class Session(object): self.regenerate() else: self.id = id - if self._load() is None: + if not self._exists(): # Expired or malicious session. Make a new one. # See http://www.cherrypy.org/ticket/709. self.id = None @@ -92,7 +92,7 @@ class Session(object): while self.id is None: self.id = self.generate_id() # Assert that the generated id is not already stored. - if self._load() is not None: + if self._exists(): self.id = None if old_session_was_locked: @@ -244,6 +244,9 @@ class RamSession(Session): except KeyError: pass + def _exists(self): + return self.id in self.cache + def _load(self): return self.cache.get(self.id) @@ -269,7 +272,7 @@ class RamSession(Session): class FileSession(Session): - """ Implementation of the File backend for sessions + """Implementation of the File backend for sessions storage_path: the folder where session data will be saved. Each session will be saved as pickle.dump(data, expiration_time) in its own file; @@ -309,6 +312,10 @@ class FileSession(Session): raise cherrypy.HTTPError(400, "Invalid session id in cookie.") return f + def _exists(self): + path = self._get_file_path() + return os.path.exists(path) + def _load(self, path=None): if path is None: path = self._get_file_path() @@ -419,6 +426,13 @@ class PostgresqlSession(Session): self.cursor.close() self.db.commit() + def _exists(self): + # Select session data from table + self.cursor.execute('select data, expiration_time from session ' + 'where id=%s', (self.id,)) + rows = self.cursor.fetchall() + return bool(rows) + def _load(self): # Select session data from table self.cursor.execute('select data, expiration_time from session ' @@ -484,6 +498,13 @@ class MemcachedSession(Session): cls.cache = memcache.Client(cls.servers) setup = classmethod(setup) + def _exists(self): + self.mc_lock.acquire() + try: + return bool(self.cache.get(self.id)) + finally: + self.mc_lock.release() + def _load(self): self.mc_lock.acquire() try: |