Robert Brewer avatar Robert Brewer committed 3904c9d

Better fix for #680.

Comments (0)

Files changed (2)

cherrypy/lib/sessions.py

 
 def save():
     """Save any changed session data."""
+    
+    if not hasattr(cherrypy._serving, "session"):
+        return
+    
     # Guard against running twice
     if hasattr(cherrypy.request, "_sessionsaved"):
         return
 
 def close():
     """Close the session object for this request."""
-    sess = cherrypy.session
-    if sess.locked:
+    sess = getattr(cherrypy._serving, "session", None)
+    if sess and sess.locked:
         # If the session is still locked we release the lock
         sess.release_lock()
 close.failsafe = True

cherrypy/test/test_session.py

 import cherrypy
 from cherrypy.lib import sessions
 
+def http_methods_allowed(methods=['GET', 'HEAD']):
+    method = cherrypy.request.method.upper()
+    if method not in methods:
+        cherrypy.response.headers['Allow'] = ", ".join(methods)
+        raise cherrypy.HTTPError(405)
+
+cherrypy.tools.allow = cherrypy.Tool('on_start_resource', http_methods_allowed)
+
 
 def setup_server():
     class Root:
         def iredir(self):
             raise cherrypy.InternalRedirect('/blah')
         iredir.exposed = True
+        
+        @cherrypy.tools.allow(methods=['GET'])
+        def restricted(self):
+            return cherrypy.request.method
+        restricted.exposed = True
     
     cherrypy.tree.mount(Root())
     cherrypy.config.update({'environment': 'test_suite'})
         path = os.path.join(localDir, "session-" + id)
         os.unlink(path)
         self.getPage('/testStr', self.cookies)
-
+    
+    def test_5_Error_paths(self):
+        self.getPage('/unknown/page')
+        self.assertErrorPage(404, "The path '/unknown/page' was not found.")
+        
+        # Note: this path is *not* the same as above. The above
+        # takes a normal route through the session code; this one
+        # skips the session code's before_handler and only calls
+        # before_finalize (save) and on_end (close). So the session
+        # code has to survive calling save/close without init.
+        self.getPage('/restricted', self.cookies, method='POST')
+        self.assertErrorPage(405, "Specified method is invalid for this server.")
 
 
 if __name__ == "__main__":
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.