
Showing content from https://github.com/django/django/commit/2f5485346ee6f84b4e52068c04e043092daf55f7 below:

[1.7.x] Fixed DoS possiblity in contrib.auth.views.logout() · django/django@2f54853 · GitHub

@@ -159,6 +159,7 @@ def test_flush(self):

159 159

self.session.flush()

160 160

self.assertFalse(self.session.exists(prev_key))

161 161

self.assertNotEqual(self.session.session_key, prev_key)

162 +

self.assertIsNone(self.session.session_key)

162 163

self.assertTrue(self.session.modified)

163 164

self.assertTrue(self.session.accessed)

164 165

@@ -589,6 +590,75 @@ def test_session_save_on_500(self):

589 590

# Check that the value wasn't saved above.

590 591

self.assertNotIn('hello', request.session.load())

591 592 593 +

def test_session_delete_on_end(self):

594 +

request = RequestFactory().get('/')

595 +

response = HttpResponse('Session test')

596 +

middleware = SessionMiddleware()

597 + 598 +

# Before deleting, there has to be an existing cookie

599 +

request.COOKIES[settings.SESSION_COOKIE_NAME] = 'abc'

600 + 601 +

# Simulate a request that ends the session

602 +

middleware.process_request(request)

603 +

request.session.flush()

604 + 605 +

# Handle the response through the middleware

606 +

response = middleware.process_response(request, response)

607 + 608 +

# Check that the cookie was deleted, not recreated.

609 +

# A deleted cookie header looks like:

610 +

# Set-Cookie: sessionid=; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/

611 +

self.assertEqual(

612 +

'Set-Cookie: {0}=; expires=Thu, 01-Jan-1970 00:00:00 GMT; '

613 +

'Max-Age=0; Path=/'.format(settings.SESSION_COOKIE_NAME),

614 +

str(response.cookies[settings.SESSION_COOKIE_NAME])

615 +

)

616 + 617 +

@override_settings(SESSION_COOKIE_DOMAIN='.example.local')

618 +

def test_session_delete_on_end_with_custom_domain(self):

619 +

request = RequestFactory().get('/')

620 +

response = HttpResponse('Session test')

621 +

middleware = SessionMiddleware()

622 + 623 +

# Before deleting, there has to be an existing cookie

624 +

request.COOKIES[settings.SESSION_COOKIE_NAME] = 'abc'

625 + 626 +

# Simulate a request that ends the session

627 +

middleware.process_request(request)

628 +

request.session.flush()

629 + 630 +

# Handle the response through the middleware

631 +

response = middleware.process_response(request, response)

632 + 633 +

# Check that the cookie was deleted, not recreated.

634 +

# A deleted cookie header with a custom domain looks like:

635 +

# Set-Cookie: sessionid=; Domain=.example.local;

636 +

# expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/

637 +

self.assertEqual(

638 +

'Set-Cookie: {}=; Domain=.example.local; expires=Thu, '

639 +

'01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/'.format(

640 +

settings.SESSION_COOKIE_NAME,

641 +

),

642 +

str(response.cookies[settings.SESSION_COOKIE_NAME])

643 +

)

644 + 645 +

def test_flush_empty_without_session_cookie_doesnt_set_cookie(self):

646 +

request = RequestFactory().get('/')

647 +

response = HttpResponse('Session test')

648 +

middleware = SessionMiddleware()

649 + 650 +

# Simulate a request that ends the session

651 +

middleware.process_request(request)

652 +

request.session.flush()

653 + 654 +

# Handle the response through the middleware

655 +

response = middleware.process_response(request, response)

656 + 657 +

# A cookie should not be set.

658 +

self.assertEqual(response.cookies, {})

659 +

# The session is accessed so "Vary: Cookie" should be set.

660 +

self.assertEqual(response['Vary'], 'Cookie')

661 + 592 662 593 663

class CookieSessionTests(SessionTestsMixin, TestCase):

594 664
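Review bot: The three new middleware tests assert only on the response cookie and the Vary header, so none of them pins that ending a session leaves no session key or record behind. That is presumably the resource the DoS in the title is about, though the middleware and logout() changes are not shown on this page. In test_flush_empty_without_session_cookie_doesnt_set_cookie, adding `self.assertIsNone(request.session.session_key)` after the process_response call would fail if the middleware saved or re-keyed the flushed session, and the same line fits both delete_on_end tests. Separately, comparing the whole `Set-Cookie` string ties these tests to the cookie library's attribute order and date format. Checking the morsel's `.value` and its `['max-age']` field would be less brittle.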
