def __check_cookies(self):
# check the cookie to make sure it specifies a SID and is signed properly
cookies = self.app.cookies
if len(cookies)==0:
if self.ss.sid:
assert False, 'no cookie data received but we expected SID to be present'
else:
return # no session + no cookie_data = correct!
keys = cookies.keys()
keys.sort()
aggr = ''.join(cookies[k] for k in keys)
sig = aggr[:SIG_LEN]
sid = aggr[SIG_LEN:SIG_LEN+SID_LEN]
data = aggr[SIG_LEN+SID_LEN:]
pdump = b64decode(data)
if sid is '':
sid = None
assert self.ss.sid == sid, 'cookie specifies SID %s but we expected %s' % (sid, self.ss.sid)
if not sid:
assert sig is '', "sig should not be present if there is no sid"
else:
exp_sig = Session._Session__compute_hmac(self.app_args['cookie_key'], sid, pdump)
assert sig==exp_sig, 'cookie received with invalid sig %s (expected %s)' % (sig, exp_sig)
# check the cookies' data too
if self.data_should_be_in_cookie:
if pdump:
data = Session._Session__decode_data(pdump)
else:
data = None
assert self.ss.data==data, 'cookie does not contain the correct data:\n\tlocal: %s\n\tcookie: %s' % (self.ss.data, data)
else:
assert len(pdump)==0, "cookie specifies data but there shouldn't be any"
def make_ss(session):
sid = session.sid
if not sid:
in_mc = in_db = False
else:
pdump = memcache.get(sid)
if pdump and session.data == Session._Session__decode_data(pdump):
in_mc = True
else:
in_mc = False
try:
sm = SessionModel.get_by_key_name(sid)
if sm and session.data == Session._Session__decode_data(sm.pdump):
in_db = True
else:
in_db = False
if sm:
logger.info('in db, but stale: current=%s db=%s' %
(session.data,
Session._Session__decode_data(sm.pdump)))
else:
logger.info('session not in db at all')
except Exception, e:
logging.warn('db failed: %s => %s' % (type(e), e))
in_db = False # db failure (perhaps it is down)
def __check_cookies(self):
# check the cookie to make sure it specifies a SID and is signed properly
cookies = self.app.cookies
if len(cookies) == 0:
if self.ss.sid:
assert False, 'no cookie data received but we expected SID to be present'
else:
return # no session + no cookie_data = correct!
keys = cookies.keys()
keys.sort()
aggr = ''.join(cookies[k] for k in keys)
sig = aggr[:SIG_LEN]
sid = aggr[SIG_LEN:SIG_LEN + SID_LEN]
data = aggr[SIG_LEN + SID_LEN:]
pdump = b64decode(data)
if sid is '':
sid = None
assert self.ss.sid == sid, 'cookie specifies SID %s but we expected %s' % (
sid, self.ss.sid)
if not sid:
assert sig is '', "sig should not be present if there is no sid"
else:
exp_sig = Session._Session__compute_hmac(
self.app_args['cookie_key'], sid, pdump)
assert sig == exp_sig, 'cookie received with invalid sig %s (expected %s)' % (
sig, exp_sig)
# check the cookies' data too
if self.data_should_be_in_cookie:
if pdump:
data = Session._Session__decode_data(pdump)
else:
data = None
assert self.ss.data == data, 'cookie does not contain the correct data:\n\tlocal: %s\n\tcookie: %s' % (
self.ss.data, data)
else:
assert len(
pdump) == 0, "cookie specifies data but there shouldn't be any"
def make_ss(session):
sid = session.sid
if not sid:
in_mc = in_db = False
else:
pdump = memcache.get(sid)
if pdump and session.data==Session._Session__decode_data(pdump):
in_mc = True
else:
in_mc = False
try:
sm = SessionModel.get_by_key_name(sid)
if sm and session.data==Session._Session__decode_data(sm.pdump):
in_db = True
else:
in_db = False
if sm:
logger.info('in db, but stale: current=%s db=%s' % (session.data, Session._Session__decode_data(sm.pdump)))
else:
logger.info('session not in db at all')
except Exception, e:
logging.warn('db failed: %s => %s' % (type(e), e))
in_db = False # db failure (perhaps it is down)
def __set_in_mc_db_to_true_if_ok(self, force_persist=False):
enc_len = len(Session._Session__encode_data(self.ss.data))
if enc_len * 4 / 3 <= self.app_args['cookie_only_threshold']:
self.ss.in_db = self.ss.in_mc = False # cookie-only
self.data_should_be_in_cookie = True
if not force_persist:
return
else:
self.data_should_be_in_cookie = False
# once its into mc, it will stay there until terminate() or a flush_all()
self.ok_if_in_mc_remotely = True
if self.dirty and self.dirty is not Session.DIRTY_BUT_DONT_PERSIST_TO_DB:
self.ss.in_db = not self.app_args['no_datastore'] and self.api_statuses['db_can_wr'] and self.api_statuses['db_can_rd']
if self.ss.in_db:
self.ok_if_in_db_remotely = True # once its in, it will stay there until terminate()
self.keys_in_mc_only.clear() # pushed them all to the db
elif self.dirty is Session.DIRTY_BUT_DONT_PERSIST_TO_DB:
self.ss.in_db = False
self.ss.in_mc = self.api_statuses['mc_can_wr'] and self.api_statuses['mc_can_rd']
def __call__(self, environ, start_response):
# initialize a session for the current user
_tls.current_session = Session(
lifetime=self.lifetime,
no_datastore=self.no_datastore,
cookie_only_threshold=self.cookie_only_thresh,
cookie_key=self.cookie_key)
# create a hook for us to insert a cookie into the response headers
def my_start_response(status, headers, exc_info=None):
try:
_tls.current_session.save(
) # store the session if it was changed
except ValueError: # 1Mb memcache limit
_tls.current_session.clear()
for ch in _tls.current_session.make_cookie_headers():
headers.append(('Set-Cookie', ch))
return start_response(status, headers, exc_info)
# let the app do its thing
return self.app(environ, my_start_response)
def __set_in_mc_db_to_true_if_ok(self, force_persist=False):
enc_len = len(Session._Session__encode_data(self.ss.data))
if enc_len * 4 / 3 <= self.app_args['cookie_only_threshold']:
self.ss.in_db = self.ss.in_mc = False # cookie-only
self.data_should_be_in_cookie = True
if not force_persist:
return
else:
self.data_should_be_in_cookie = False
# once its into mc, it will stay there until terminate() or a flush_all()
self.ok_if_in_mc_remotely = True
if self.dirty and self.dirty is not Session.DIRTY_BUT_DONT_PERSIST_TO_DB:
self.ss.in_db = not self.app_args[
'no_datastore'] and self.api_statuses[
'db_can_wr'] and self.api_statuses['db_can_rd']
if self.ss.in_db:
self.ok_if_in_db_remotely = True # once its in, it will stay there until terminate()
self.keys_in_mc_only.clear() # pushed them all to the db
elif self.dirty is Session.DIRTY_BUT_DONT_PERSIST_TO_DB:
self.ss.in_db = False
self.ss.in_mc = self.api_statuses['mc_can_wr'] and self.api_statuses[
'mc_can_rd']
def get(self):
s = Session(sid=self.request.get('sid'), cookie_key='dontcare')
s.ensure_data_loaded()
self.response.out.write(b64encode(pickle.dumps(s.data)))
def get(self):
s = Session(sid=self.request.get('sid'), cookie_key='dontcare')
s.ensure_data_loaded()
self.response.out.write(b64encode(pickle.dumps(s.data)))
