@@ -150,6 +150,7 @@ def test_flush(self):
150
150
self.session.flush()
151
151
self.assertFalse(self.session.exists(prev_key))
152
152
self.assertNotEqual(self.session.session_key, prev_key)
153
+
self.assertIsNone(self.session.session_key)
153
154
self.assertTrue(self.session.modified)
154
155
self.assertTrue(self.session.accessed)
155
156
@@ -432,6 +433,75 @@ def test_no_httponly_session_cookie(self):
432
433
self.assertNotIn('httponly',
433
434
str(response.cookies[settings.SESSION_COOKIE_NAME]))
434
435
436
+
def test_session_delete_on_end(self):
437
+
request = RequestFactory().get('/')
438
+
response = HttpResponse('Session test')
439
+
middleware = SessionMiddleware()
440
+
441
+
# Before deleting, there has to be an existing cookie
442
+
request.COOKIES[settings.SESSION_COOKIE_NAME] = 'abc'
443
+
444
+
# Simulate a request that ends the session
445
+
middleware.process_request(request)
446
+
request.session.flush()
447
+
448
+
# Handle the response through the middleware
449
+
response = middleware.process_response(request, response)
450
+
451
+
# Check that the cookie was deleted, not recreated.
452
+
# A deleted cookie header looks like:
453
+
# Set-Cookie: sessionid=; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
454
+
self.assertEqual(
455
+
'Set-Cookie: %s=; expires=Thu, 01-Jan-1970 00:00:00 GMT; '
456
+
'Max-Age=0; Path=/' % settings.SESSION_COOKIE_NAME,
457
+
str(response.cookies[settings.SESSION_COOKIE_NAME])
458
+
)
459
+
460
+
@override_settings(SESSION_COOKIE_DOMAIN='.example.local')
461
+
def test_session_delete_on_end_with_custom_domain(self):
462
+
request = RequestFactory().get('/')
463
+
response = HttpResponse('Session test')
464
+
middleware = SessionMiddleware()
465
+
466
+
# Before deleting, there has to be an existing cookie
467
+
request.COOKIES[settings.SESSION_COOKIE_NAME] = 'abc'
468
+
469
+
# Simulate a request that ends the session
470
+
middleware.process_request(request)
471
+
request.session.flush()
472
+
473
+
# Handle the response through the middleware
474
+
response = middleware.process_response(request, response)
475
+
476
+
# Check that the cookie was deleted, not recreated.
477
+
# A deleted cookie header with a custom domain looks like:
478
+
# Set-Cookie: sessionid=; Domain=.example.local;
479
+
# expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
480
+
self.assertEqual(
481
+
'Set-Cookie: %s=; Domain=.example.local; expires=Thu, '
482
+
'01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/' % (
483
+
settings.SESSION_COOKIE_NAME,
484
+
),
485
+
str(response.cookies[settings.SESSION_COOKIE_NAME])
486
+
)
487
+
488
+
def test_flush_empty_without_session_cookie_doesnt_set_cookie(self):
489
+
request = RequestFactory().get('/')
490
+
response = HttpResponse('Session test')
491
+
middleware = SessionMiddleware()
492
+
493
+
# Simulate a request that ends the session
494
+
middleware.process_request(request)
495
+
request.session.flush()
496
+
497
+
# Handle the response through the middleware
498
+
response = middleware.process_response(request, response)
499
+
500
+
# A cookie should not be set.
501
+
self.assertEqual(response.cookies, {})
502
+
# The session is accessed so "Vary: Cookie" should be set.
503
+
self.assertEqual(response['Vary'], 'Cookie')
504
+
435
505
436
506
class CookieSessionTests(SessionTestsMixin, TestCase):
437
507
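Review bot: The deletion tests in the second hunk pin the `Domain` attribute of the expiring cookie but never exercise a non-default `SESSION_COOKIE_PATH`. A browser drops a cookie only when the expiring `Set-Cookie` matches the Domain and Path it was stored under, so a mismatch would leave the old session id on the client after the session ends. A sibling of `test_session_delete_on_end_with_custom_domain` decorated with `@override_settings(SESSION_COOKIE_PATH='/example/')` and expecting `Path=/example/` in the header would cover this; whether the middleware forwards the path is not visible on this page. `test_flush_empty_without_session_cookie_doesnt_set_cookie` could also add `self.assertIsNone(request.session.session_key)`, mirroring the assertion added to `test_flush`, so it fails if an empty session is given a key as well as when a cookie is sent.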