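def make_ss(session):
    """Work out whether the session's current data is mirrored in memcache and in the datastore.

    Args:
        session: object exposing ``sid`` and ``data``.

    A session with no SID is treated as stored nowhere.  Otherwise the
    memcache entry and the SessionModel row keyed by the SID are decoded and
    compared with ``session.data``.

    NOTE(review): the listing ends once ``in_mc`` / ``in_db`` are computed and
    no return statement is visible, so as shown the function returns None;
    presumably the rest of the definition lies outside this excerpt.
    NOTE(review): block nesting was reconstructed from a collapsed listing;
    confirm against the original file.
    """
    sid = session.sid
    if not sid:
        in_mc = in_db = False
    else:
        pdump = memcache.get(sid)
        in_mc = bool(pdump and session.data == Session._Session__decode_data(pdump))

        try:
            sm = SessionModel.get_by_key_name(sid)
            if sm and session.data == Session._Session__decode_data(sm.pdump):
                in_db = True
            else:
                in_db = False
                if sm:
                    # NOTE(review): this writes full session contents to the
                    # log; tolerable in a test harness, but session data can
                    # hold sensitive values and should stay out of production logs.
                    logger.info('in db, but stale: current=%s db=%s' % (session.data, Session._Session__decode_data(sm.pdump)))
                else:
                    logger.info('session not in db at all')
        # `except Exception as e` parses on Python 2.6+ and 3; the comma form is Python 2 only.
        except Exception as e:
            # logging.warning replaces the deprecated logging.warn alias.
            # NOTE(review): this goes to the root logger while the messages
            # above use `logger`; confirm that split is intended.
            logging.warning('db failed: %s => %s' % (type(e), e))
            in_db = False  # db failure (perhaps it is down)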
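def __check_cookies(self):
    """Assert that the cookies the app received agree with the expected session state.

    The cookie values are concatenated in sorted-key order and split into a
    signature (first SIG_LEN characters), a session id (next SID_LEN
    characters) and a base64-encoded payload (the remainder).

    Raises:
        AssertionError: if the SID, signature or payload differs from what
            ``self.ss`` and ``self.data_should_be_in_cookie`` call for.
    """
    cookies = self.app.cookies
    if len(cookies) == 0:
        if self.ss.sid:
            raise AssertionError('no cookie data received but we expected SID to be present')
        return  # no session + no cookie_data = correct!

    aggr = ''.join(cookies[k] for k in sorted(cookies.keys()))
    sig = aggr[:SIG_LEN]
    sid = aggr[SIG_LEN:SIG_LEN + SID_LEN]
    data = aggr[SIG_LEN + SID_LEN:]
    pdump = b64decode(data)

    # Compare by value: `is ''` relies on interpreter string interning and
    # does not match an empty unicode string.
    if sid == '':
        sid = None
    assert self.ss.sid == sid, 'cookie specifies SID %s but we expected %s' % (sid, self.ss.sid)

    if not sid:
        assert sig == '', "sig should not be present if there is no sid"
    else:
        exp_sig = Session._Session__compute_hmac(self.app_args['cookie_key'], sid, pdump)
        # Plain == and a message that prints the expected signature are fine
        # for a test assertion; a production verifier should use a
        # constant-time comparison (hmac.compare_digest) and never echo the
        # expected value.
        assert sig == exp_sig, 'cookie received with invalid sig %s (expected %s)' % (sig, exp_sig)

    # check the cookies' data too
    if self.data_should_be_in_cookie:
        # NOTE(review): when there is no SID the payload reaches the decoder
        # without a signature check above; confirm the decoder is safe on
        # unauthenticated input if this pattern is reused outside tests.
        if pdump:
            data = Session._Session__decode_data(pdump)
        else:
            data = None
        assert self.ss.data == data, 'cookie does not contain the correct data:\n\tlocal: %s\n\tcookie: %s' % (self.ss.data, data)
    else:
        assert len(pdump) == 0, "cookie specifies data but there shouldn't be any"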
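def make_ss(session):
    """Determine whether the session's data matches what memcache and the datastore hold.

    Args:
        session: object exposing ``sid`` and ``data``.

    With no SID both flags are False.  With a SID, the memcache value and the
    SessionModel entity stored under that key are decoded and compared with
    ``session.data``.

    NOTE(review): no return statement is visible in this listing, so as shown
    the computed ``in_mc`` / ``in_db`` flags are discarded and the function
    returns None; the remainder of the definition is presumably not included.
    NOTE(review): indentation was reconstructed from a collapsed listing;
    verify the nesting against the original file.
    """
    sid = session.sid
    if not sid:
        in_mc = in_db = False
    else:
        pdump = memcache.get(sid)
        in_mc = bool(pdump and session.data == Session._Session__decode_data(pdump))

        try:
            sm = SessionModel.get_by_key_name(sid)
            if sm and session.data == Session._Session__decode_data(sm.pdump):
                in_db = True
            else:
                in_db = False
                if sm:
                    # NOTE(review): full session contents are written to the
                    # log here; acceptable for a test helper, but session data
                    # may be sensitive and should not be logged in production.
                    logger.info('in db, but stale: current=%s db=%s' % (session.data, Session._Session__decode_data(sm.pdump)))
                else:
                    logger.info('session not in db at all')
        # The `as` form is valid on Python 2.6+ and 3; `except Exception, e` is Python 2 only.
        except Exception as e:
            # logging.warn is a deprecated alias of logging.warning.
            # NOTE(review): root logger here, `logger` above; confirm intended.
            logging.warning('db failed: %s => %s' % (type(e), e))
            in_db = False  # db failure (perhaps it is down)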
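def __check_cookies(self):
    """Check that the received cookies carry the expected SID, signature and payload.

    Cookie values are joined in sorted-key order; the first SIG_LEN
    characters are the signature, the next SID_LEN the session id, and the
    rest a base64-encoded payload.

    Raises:
        AssertionError: when the cookie contents disagree with ``self.ss``
            or with ``self.data_should_be_in_cookie``.
    """
    cookies = self.app.cookies
    if len(cookies) == 0:
        if self.ss.sid:
            raise AssertionError('no cookie data received but we expected SID to be present')
        return  # no session + no cookie_data = correct!

    aggr = ''.join(cookies[k] for k in sorted(cookies.keys()))
    sig = aggr[:SIG_LEN]
    sid = aggr[SIG_LEN:SIG_LEN + SID_LEN]
    data = aggr[SIG_LEN + SID_LEN:]
    pdump = b64decode(data)

    # Value comparison: identity against '' depends on string interning and
    # fails for an empty unicode string.
    if sid == '':
        sid = None
    assert self.ss.sid == sid, 'cookie specifies SID %s but we expected %s' % (sid, self.ss.sid)

    if not sid:
        assert sig == '', "sig should not be present if there is no sid"
    else:
        exp_sig = Session._Session__compute_hmac(self.app_args['cookie_key'], sid, pdump)
        # Test-only check: production signature verification should use a
        # constant-time comparison (hmac.compare_digest) and must not print
        # the expected signature on failure.
        assert sig == exp_sig, 'cookie received with invalid sig %s (expected %s)' % (sig, exp_sig)

    # check the cookies' data too
    if self.data_should_be_in_cookie:
        # NOTE(review): with no SID the payload is decoded without having
        # been authenticated above; confirm the decoder tolerates untrusted
        # input before reusing this outside a test harness.
        if pdump:
            data = Session._Session__decode_data(pdump)
        else:
            data = None
        assert self.ss.data == data, 'cookie does not contain the correct data:\n\tlocal: %s\n\tcookie: %s' % (self.ss.data, data)
    else:
        assert len(pdump) == 0, "cookie specifies data but there shouldn't be any"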