| import errno |
| import os |
| import tempfile |
| |
| from django.conf import settings |
| from django.contrib.sessions.backends.base import SessionBase, CreateError |
| from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured |
| |
| |
| class SessionStore(SessionBase): |
| """ |
| Implements a file based session store. |
| """ |
| def __init__(self, session_key=None): |
| self.storage_path = getattr(settings, "SESSION_FILE_PATH", None) |
| if not self.storage_path: |
| self.storage_path = tempfile.gettempdir() |
| |
| # Make sure the storage path is valid. |
| if not os.path.isdir(self.storage_path): |
| raise ImproperlyConfigured( |
| "The session storage path %r doesn't exist. Please set your" |
| " SESSION_FILE_PATH setting to an existing directory in which" |
| " Django can store session data." % self.storage_path) |
| |
| self.file_prefix = settings.SESSION_COOKIE_NAME |
| super(SessionStore, self).__init__(session_key) |
| |
| def _key_to_file(self, session_key=None): |
| """ |
| Get the file associated with this session key. |
| """ |
| if session_key is None: |
| session_key = self.session_key |
| |
| # Make sure we're not vulnerable to directory traversal. Session keys |
| # should always be md5s, so they should never contain directory |
| # components. |
| if os.path.sep in session_key: |
| raise SuspiciousOperation( |
| "Invalid characters (directory components) in session key") |
| |
| return os.path.join(self.storage_path, self.file_prefix + session_key) |
| |
| def load(self): |
| session_data = {} |
| try: |
| session_file = open(self._key_to_file(), "rb") |
| try: |
| file_data = session_file.read() |
| # Don't fail if there is no data in the session file. |
| # We may have opened the empty placeholder file. |
| if file_data: |
| try: |
| session_data = self.decode(file_data) |
| except (EOFError, SuspiciousOperation): |
| self.create() |
| finally: |
| session_file.close() |
| except IOError: |
| self.create() |
| return session_data |
| |
| def create(self): |
| while True: |
| self._session_key = self._get_new_session_key() |
| try: |
| self.save(must_create=True) |
| except CreateError: |
| continue |
| self.modified = True |
| self._session_cache = {} |
| return |
| |
| def save(self, must_create=False): |
| # Get the session data now, before we start messing |
| # with the file it is stored within. |
| session_data = self._get_session(no_load=must_create) |
| |
| session_file_name = self._key_to_file() |
| |
| try: |
| # Make sure the file exists. If it does not already exist, an |
| # empty placeholder file is created. |
| flags = os.O_WRONLY | os.O_CREAT | getattr(os, 'O_BINARY', 0) |
| if must_create: |
| flags |= os.O_EXCL |
| fd = os.open(session_file_name, flags) |
| os.close(fd) |
| |
| except OSError, e: |
| if must_create and e.errno == errno.EEXIST: |
| raise CreateError |
| raise |
| |
| # Write the session file without interfering with other threads |
| # or processes. By writing to an atomically generated temporary |
| # file and then using the atomic os.rename() to make the complete |
| # file visible, we avoid having to lock the session file, while |
| # still maintaining its integrity. |
| # |
| # Note: Locking the session file was explored, but rejected in part |
| # because in order to be atomic and cross-platform, it required a |
| # long-lived lock file for each session, doubling the number of |
| # files in the session storage directory at any given time. This |
| # rename solution is cleaner and avoids any additional overhead |
| # when reading the session data, which is the more common case |
| # unless SESSION_SAVE_EVERY_REQUEST = True. |
| # |
| # See ticket #8616. |
| dir, prefix = os.path.split(session_file_name) |
| |
| try: |
| output_file_fd, output_file_name = tempfile.mkstemp(dir=dir, |
| prefix=prefix + '_out_') |
| renamed = False |
| try: |
| try: |
| os.write(output_file_fd, self.encode(session_data)) |
| finally: |
| os.close(output_file_fd) |
| os.rename(output_file_name, session_file_name) |
| renamed = True |
| finally: |
| if not renamed: |
| os.unlink(output_file_name) |
| |
| except (OSError, IOError, EOFError): |
| pass |
| |
| def exists(self, session_key): |
| if os.path.exists(self._key_to_file(session_key)): |
| return True |
| return False |
| |
| def delete(self, session_key=None): |
| if session_key is None: |
| if self._session_key is None: |
| return |
| session_key = self._session_key |
| try: |
| os.unlink(self._key_to_file(session_key)) |
| except OSError: |
| pass |
| |
| def clean(self): |
| pass |