If request.session was modified, or if the configuration is to save the session every time, save the changes and set a session cookie or delete the session cookie if the session has been emptied.
(self, request, response)
| 20 | request.session = self.SessionStore(session_key) |
| 21 | |
| 22 | def process_response(self, request, response): |
| 23 | """ |
| 24 | If request.session was modified, or if the configuration is to save the |
| 25 | session every time, save the changes and set a session cookie or delete |
| 26 | the session cookie if the session has been emptied. |
| 27 | """ |
| 28 | try: |
| 29 | accessed = request.session.accessed |
| 30 | modified = request.session.modified |
| 31 | empty = request.session.is_empty() |
| 32 | except AttributeError: |
| 33 | return response |
| 34 | # First check if we need to delete this cookie. |
| 35 | # The session should be deleted only if the session is entirely empty. |
| 36 | if settings.SESSION_COOKIE_NAME in request.COOKIES and empty: |
| 37 | response.delete_cookie( |
| 38 | settings.SESSION_COOKIE_NAME, |
| 39 | path=settings.SESSION_COOKIE_PATH, |
| 40 | domain=settings.SESSION_COOKIE_DOMAIN, |
| 41 | samesite=settings.SESSION_COOKIE_SAMESITE, |
| 42 | ) |
| 43 | need_vary_cookie = True |
| 44 | else: |
| 45 | # If the session was accessed, it must be varied on, regardless of |
| 46 | # whether it was modified or will be saved. |
| 47 | need_vary_cookie = accessed |
| 48 | if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty: |
| 49 | if request.session.get_expire_at_browser_close(): |
| 50 | max_age = None |
| 51 | expires = None |
| 52 | else: |
| 53 | max_age = request.session.get_expiry_age() |
| 54 | expires_time = time.time() + max_age |
| 55 | expires = http_date(expires_time) |
| 56 | # Save the session data and refresh the client cookie. |
| 57 | # Skip session save for 5xx responses. |
| 58 | if response.status_code < 500: |
| 59 | try: |
| 60 | request.session.save() |
| 61 | except UpdateError: |
| 62 | raise SessionInterrupted( |
| 63 | "The request's session was deleted before the " |
| 64 | "request completed. The user may have logged " |
| 65 | "out in a concurrent request, for example." |
| 66 | ) |
| 67 | response.set_cookie( |
| 68 | settings.SESSION_COOKIE_NAME, |
| 69 | request.session.session_key, |
| 70 | max_age=max_age, |
| 71 | expires=expires, |
| 72 | domain=settings.SESSION_COOKIE_DOMAIN, |
| 73 | path=settings.SESSION_COOKIE_PATH, |
| 74 | secure=settings.SESSION_COOKIE_SECURE or None, |
| 75 | httponly=settings.SESSION_COOKIE_HTTPONLY or None, |
| 76 | samesite=settings.SESSION_COOKIE_SAMESITE, |
| 77 | ) |
| 78 | # With a session cookie set, it must be varied on. |
| 79 | need_vary_cookie = True |