Fixed #4724 -- Added support for configurable session cookie paths. Helps with

multiple Django installs under the same hostname. Thanks, frej and Graham Dumpleton. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2024-12-01 15:42:04 +01:00 · 2007-10-20 05:13:56 +00:00 · 2007-10-20 05:13:56 +00:00 · e172e7be57
commit e172e7be57
parent 1a1a39738a
3 changed files with 24 additions and 11 deletions
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@ -275,6 +275,7 @@ SESSION_COOKIE_NAME = 'sessionid'                       # Cookie name. This can
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2               # Age of cookie, in seconds (default: 2 weeks).
 SESSION_COOKIE_DOMAIN = None                            # A string like ".lawrence.com", or None for standard domain cookie.
 SESSION_COOKIE_SECURE = False                           # Whether the session cookie should be secure (https:// only).
+SESSION_COOKIE_PATH = '/'                               # The path of the session cookie.
 SESSION_SAVE_EVERY_REQUEST = False                      # Whether to save the session data on every request.
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False                 # Whether sessions expire when a user closes his browser.
 SESSION_ENGINE = 'django.contrib.sessions.backends.db'  # The module to store session data
--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@ -31,7 +31,7 @@ class SessionMiddleware(object):
                else:
                    max_age = settings.SESSION_COOKIE_AGE
                    rfcdate = formatdate(time.time() + settings.SESSION_COOKIE_AGE)
-                    
+
                    # Fixed length date must have '-' separation in the format
                    # DD-MMM-YYYY for compliance with Netscape cookie standard
                    expires = datetime.datetime.strftime(datetime.datetime.utcnow() + \
@ -39,8 +39,10 @@ class SessionMiddleware(object):

                # Save the seesion data and refresh the client cookie.
                request.session.save()
-                response.set_cookie(settings.SESSION_COOKIE_NAME, request.session.session_key,
-                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
-                    secure=settings.SESSION_COOKIE_SECURE or None)
-                    
+                response.set_cookie(settings.SESSION_COOKIE_NAME,
+                        request.session.session_key, max_age=max_age,
+                        expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
+                        path=settings.SESSION_COOKIE_PATH,
+                        secure=settings.SESSION_COOKIE_SECURE or None)
+
        return response
--- a/docs/settings.txt
+++ b/docs/settings.txt
@ -475,7 +475,7 @@ FIXTURE_DIRS
 Default: ``()`` (Empty tuple)

 List of locations of the fixture data files, in search order. Note that
-these paths should use Unix-style forward slashes, even on Windows. See 
+these paths should use Unix-style forward slashes, even on Windows. See
 `Testing Django Applications`_.

 .. _Testing Django Applications: ../testing/
@ -731,8 +731,8 @@ SERIALIZATION_MODULES

 Default: Not defined.

-A dictionary of modules containing serializer definitions (provided as 
-strings), keyed by a string identifier for that serialization type. For 
+A dictionary of modules containing serializer definitions (provided as
+strings), keyed by a string identifier for that serialization type. For
 example, to define a YAML serializer, use::

    SERIALIZATION_MODULES = { 'yaml' : 'path.to.yaml_serializer' }
@ -754,10 +754,10 @@ Default: ``django.contrib.sessions.backends.db``

 Controls where Django stores session data. Valid values are:

-    * ``'django.contrib.sessions.backends.db'``      
-    * ``'django.contrib.sessions.backends.file'``    
+    * ``'django.contrib.sessions.backends.db'``
+    * ``'django.contrib.sessions.backends.file'``
    * ``'django.contrib.sessions.backends.cache'``
-    
+
 See the `session docs`_ for more details.

 SESSION_COOKIE_AGE
@ -784,6 +784,16 @@ Default: ``'sessionid'``
 The name of the cookie to use for sessions. This can be whatever you want.
 See the `session docs`_.

+SESSION_COOKIE_PATH
+-------------------
+
+Default: ``'/'``
+
+The path set on the session cookie. Should match the URL path of your Django
+installation (or be parent of that path). This is useful if you have multiple
+Django instances running under the same hostname; they can use different
+cookie paths and each instance will only see its own session cookie.
+
 SESSION_COOKIE_SECURE
 ---------------------