Import default session middleware as start for custom session middleware.

(imported from commit 76aae367ab6ea5c2a7b0d98368482a3cb312b217)
2015-01-15 20:59:20 -08:00 · 2015-01-15 20:59:20 -08:00 · 7e786d5426
parent d401d1cb47
commit 7e786d5426
2 changed files with 38 additions and 1 deletions
--- a/zerver/middleware.py
+++ b/zerver/middleware.py
@ -9,7 +9,10 @@ from zerver.lib.cache import get_memcached_time, get_memcached_requests
 from zerver.lib.bugdown import get_bugdown_time, get_bugdown_requests
 from zerver.models import flush_per_request_caches
 from zerver.exceptions import RateLimited
+from django.contrib.sessions.middleware import SessionMiddleware
 from django.views.csrf import csrf_failure as html_csrf_failure
+from django.utils.cache import patch_vary_headers
+from django.utils.http import cookie_date

 import logging
 import time
@ -286,3 +289,37 @@ class FlushDisplayRecipientCache(object):
        # are not shared at all between requests.
        flush_per_request_caches()
        return response
+
+class SessionHostDomainMiddleware(SessionMiddleware):
+    def process_response(self, request, response):
+        """
+        If request.session was modified, or if the configuration is to save the
+        session every time, save the changes and set a session cookie.
+        """
+        try:
+            accessed = request.session.accessed
+            modified = request.session.modified
+        except AttributeError:
+            pass
+        else:
+            if accessed:
+                patch_vary_headers(response, ('Cookie',))
+            if modified or settings.SESSION_SAVE_EVERY_REQUEST:
+                if request.session.get_expire_at_browser_close():
+                    max_age = None
+                    expires = None
+                else:
+                    max_age = request.session.get_expiry_age()
+                    expires_time = time.time() + max_age
+                    expires = cookie_date(expires_time)
+                # Save the session data and refresh the client cookie.
+                # Skip session save for 500 responses, refs #3881.
+                if response.status_code != 500:
+                    request.session.save()
+                    response.set_cookie(settings.SESSION_COOKIE_NAME,
+                            request.session.session_key, max_age=max_age,
+                            expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
+                            path=settings.SESSION_COOKIE_PATH,
+                            secure=settings.SESSION_COOKIE_SECURE or None,
+                            httponly=settings.SESSION_COOKIE_HTTPONLY or None)
+        return response
--- a/zproject/settings.py
+++ b/zproject/settings.py
@ -180,7 +180,7 @@ MIDDLEWARE_CLASSES = (
    'zerver.middleware.RateLimitMiddleware',
    'zerver.middleware.FlushDisplayRecipientCache',
    'django.middleware.common.CommonMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
+    'zerver.middleware.SessionHostDomainMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
 )