Commits

Robert Brewer committed da563e9

Fix for #408 (SessionFilter doesn't check result of generateSessionID() against sessionStorage).

  • Participants
  • Parent commits f374cf2
  • Branches cherrypy

Comments (0)

Files changed (1)

     
     clean_thread = None
     
-    def __init__(self, id=None):
+    def __init__(self, id=None, **kwargs):
         self.locked = False
         self.loaded = False
         self._data = {}
         
-        if id is None:
-            id = self.generate_id()
+        for k, v in kwargs.iteritems():
+            setattr(self, k, v)
+        
         self.id = id
+        while self.id is None:
+            self.id = self.generate_id()
+            # Assert that the generated id is not already stored.
+            if self._load() is not None:
+                self.id = None
     
     def clean_cycle(self):
         """Clean up expired sessions at regular intervals."""
     # It will possess a reference to (and lock, and lazily load)
     # the requested session data.
     storage_class = storage_type.title() + 'Session'
-    cherrypy.serving.session = sess = globals()[storage_class](id)
-    sess.timeout = timeout
-    sess.clean_freq = clean_freq
-    for k, v in kwargs.iteritems():
-        setattr(sess, k, v)
+    kwargs['timeout'] = timeout
+    kwargs['clean_freq'] = clean_freq
+    cherrypy.serving.session = sess = globals()[storage_class](id, **kwargs)
     
     if locking == 'implicit':
         sess.acquire_lock()