Commits

Robert Brewer  committed 8e7d23c

Fix for #799 (_test_concurrency fails periodically). Turns out the anti-malicious-session-id stuff was returning None in some cases because it didn't use the lock file. Fixed by making init use os.path.exists (etc) instead of session._load.

  • Participants
  • Parent commits 53c1b09

Comments (0)

Files changed (1)

File cherrypy/lib/sessions.py

             self.regenerate()
         else:
             self.id = id
-            if self._load() is None:
+            if not self._exists():
                 # Expired or malicious session. Make a new one.
                 # See http://www.cherrypy.org/ticket/709.
                 self.id = None
         while self.id is None:
             self.id = self.generate_id()
             # Assert that the generated id is not already stored.
-            if self._load() is not None:
+            if self._exists():
                 self.id = None
         
         if old_session_was_locked:
                 except KeyError:
                     pass
     
+    def _exists(self):
+        return self.id in self.cache
+    
     def _load(self):
         return self.cache.get(self.id)
     
 
 
 class FileSession(Session):
-    """ Implementation of the File backend for sessions
+    """Implementation of the File backend for sessions
     
     storage_path: the folder where session data will be saved. Each session
         will be saved as pickle.dump(data, expiration_time) in its own file;
             raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
         return f
     
+    def _exists(self):
+        path = self._get_file_path()
+        return os.path.exists(path)
+    
     def _load(self, path=None):
         if path is None:
             path = self._get_file_path()
             self.cursor.close()
         self.db.commit()
     
+    def _exists(self):
+        # Select session data from table
+        self.cursor.execute('select data, expiration_time from session '
+                            'where id=%s', (self.id,))
+        rows = self.cursor.fetchall()
+        return bool(rows)
+    
     def _load(self):
         # Select session data from table
         self.cursor.execute('select data, expiration_time from session '
         cls.cache = memcache.Client(cls.servers)
     setup = classmethod(setup)
     
+    def _exists(self):
+        self.mc_lock.acquire()
+        try:
+            return bool(self.cache.get(self.id))
+        finally:
+            self.mc_lock.release()
+    
     def _load(self):
         self.mc_lock.acquire()
         try: