def __check_cookies(self): # check the cookie to make sure it specifies a SID and is signed properly cookies = self.app.cookies if len(cookies)==0: if self.ss.sid: assert False, 'no cookie data received but we expected SID to be present' else: return # no session + no cookie_data = correct! keys = cookies.keys() keys.sort() aggr = ''.join(cookies[k] for k in keys) sig = aggr[:SIG_LEN] sid = aggr[SIG_LEN:SIG_LEN+SID_LEN] data = aggr[SIG_LEN+SID_LEN:] pdump = b64decode(data) if sid is '': sid = None assert self.ss.sid == sid, 'cookie specifies SID %s but we expected %s' % (sid, self.ss.sid) if not sid: assert sig is '', "sig should not be present if there is no sid" else: exp_sig = Session._Session__compute_hmac(self.app_args['cookie_key'], sid, pdump) assert sig==exp_sig, 'cookie received with invalid sig %s (expected %s)' % (sig, exp_sig) # check the cookies' data too if self.data_should_be_in_cookie: if pdump: data = Session._Session__decode_data(pdump) else: data = None assert self.ss.data==data, 'cookie does not contain the correct data:\n\tlocal: %s\n\tcookie: %s' % (self.ss.data, data) else: assert len(pdump)==0, "cookie specifies data but there shouldn't be any"
def make_ss(session): sid = session.sid if not sid: in_mc = in_db = False else: pdump = memcache.get(sid) if pdump and session.data == Session._Session__decode_data(pdump): in_mc = True else: in_mc = False try: sm = SessionModel.get_by_key_name(sid) if sm and session.data == Session._Session__decode_data(sm.pdump): in_db = True else: in_db = False if sm: logger.info('in db, but stale: current=%s db=%s' % (session.data, Session._Session__decode_data(sm.pdump))) else: logger.info('session not in db at all') except Exception, e: logging.warn('db failed: %s => %s' % (type(e), e)) in_db = False # db failure (perhaps it is down)
def __check_cookies(self): # check the cookie to make sure it specifies a SID and is signed properly cookies = self.app.cookies if len(cookies) == 0: if self.ss.sid: assert False, 'no cookie data received but we expected SID to be present' else: return # no session + no cookie_data = correct! keys = cookies.keys() keys.sort() aggr = ''.join(cookies[k] for k in keys) sig = aggr[:SIG_LEN] sid = aggr[SIG_LEN:SIG_LEN + SID_LEN] data = aggr[SIG_LEN + SID_LEN:] pdump = b64decode(data) if sid is '': sid = None assert self.ss.sid == sid, 'cookie specifies SID %s but we expected %s' % ( sid, self.ss.sid) if not sid: assert sig is '', "sig should not be present if there is no sid" else: exp_sig = Session._Session__compute_hmac( self.app_args['cookie_key'], sid, pdump) assert sig == exp_sig, 'cookie received with invalid sig %s (expected %s)' % ( sig, exp_sig) # check the cookies' data too if self.data_should_be_in_cookie: if pdump: data = Session._Session__decode_data(pdump) else: data = None assert self.ss.data == data, 'cookie does not contain the correct data:\n\tlocal: %s\n\tcookie: %s' % ( self.ss.data, data) else: assert len( pdump) == 0, "cookie specifies data but there shouldn't be any"
def make_ss(session): sid = session.sid if not sid: in_mc = in_db = False else: pdump = memcache.get(sid) if pdump and session.data==Session._Session__decode_data(pdump): in_mc = True else: in_mc = False try: sm = SessionModel.get_by_key_name(sid) if sm and session.data==Session._Session__decode_data(sm.pdump): in_db = True else: in_db = False if sm: logger.info('in db, but stale: current=%s db=%s' % (session.data, Session._Session__decode_data(sm.pdump))) else: logger.info('session not in db at all') except Exception, e: logging.warn('db failed: %s => %s' % (type(e), e)) in_db = False # db failure (perhaps it is down)
def __set_in_mc_db_to_true_if_ok(self, force_persist=False): enc_len = len(Session._Session__encode_data(self.ss.data)) if enc_len * 4 / 3 <= self.app_args['cookie_only_threshold']: self.ss.in_db = self.ss.in_mc = False # cookie-only self.data_should_be_in_cookie = True if not force_persist: return else: self.data_should_be_in_cookie = False # once its into mc, it will stay there until terminate() or a flush_all() self.ok_if_in_mc_remotely = True if self.dirty and self.dirty is not Session.DIRTY_BUT_DONT_PERSIST_TO_DB: self.ss.in_db = not self.app_args['no_datastore'] and self.api_statuses['db_can_wr'] and self.api_statuses['db_can_rd'] if self.ss.in_db: self.ok_if_in_db_remotely = True # once its in, it will stay there until terminate() self.keys_in_mc_only.clear() # pushed them all to the db elif self.dirty is Session.DIRTY_BUT_DONT_PERSIST_TO_DB: self.ss.in_db = False self.ss.in_mc = self.api_statuses['mc_can_wr'] and self.api_statuses['mc_can_rd']
def __call__(self, environ, start_response): # initialize a session for the current user _tls.current_session = Session( lifetime=self.lifetime, no_datastore=self.no_datastore, cookie_only_threshold=self.cookie_only_thresh, cookie_key=self.cookie_key) # create a hook for us to insert a cookie into the response headers def my_start_response(status, headers, exc_info=None): try: _tls.current_session.save( ) # store the session if it was changed except ValueError: # 1Mb memcache limit _tls.current_session.clear() for ch in _tls.current_session.make_cookie_headers(): headers.append(('Set-Cookie', ch)) return start_response(status, headers, exc_info) # let the app do its thing return self.app(environ, my_start_response)
def __set_in_mc_db_to_true_if_ok(self, force_persist=False): enc_len = len(Session._Session__encode_data(self.ss.data)) if enc_len * 4 / 3 <= self.app_args['cookie_only_threshold']: self.ss.in_db = self.ss.in_mc = False # cookie-only self.data_should_be_in_cookie = True if not force_persist: return else: self.data_should_be_in_cookie = False # once its into mc, it will stay there until terminate() or a flush_all() self.ok_if_in_mc_remotely = True if self.dirty and self.dirty is not Session.DIRTY_BUT_DONT_PERSIST_TO_DB: self.ss.in_db = not self.app_args[ 'no_datastore'] and self.api_statuses[ 'db_can_wr'] and self.api_statuses['db_can_rd'] if self.ss.in_db: self.ok_if_in_db_remotely = True # once its in, it will stay there until terminate() self.keys_in_mc_only.clear() # pushed them all to the db elif self.dirty is Session.DIRTY_BUT_DONT_PERSIST_TO_DB: self.ss.in_db = False self.ss.in_mc = self.api_statuses['mc_can_wr'] and self.api_statuses[ 'mc_can_rd']
def get(self): s = Session(sid=self.request.get('sid'), cookie_key='dontcare') s.ensure_data_loaded() self.response.out.write(b64encode(pickle.dumps(s.data)))