From 062b3ac138fc8a9662565348a4e74ee2bc0daa2f Mon Sep 17 00:00:00 2001 From: Tomas Gavenciak Date: Sun, 4 Oct 2015 01:13:04 +0200 Subject: [PATCH] Logged-in hint middleware: minor improvement --- mamweb/middleware.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mamweb/middleware.py b/mamweb/middleware.py index e1c81e51..951c9a86 100644 --- a/mamweb/middleware.py +++ b/mamweb/middleware.py @@ -13,7 +13,7 @@ class LoggedInHintCookieMiddleware(object): Note this usually breaks non-GET (POST) requests. On secure requests: Updates cookie settings.LOGGED_IN_HINT_COOKIE_NAME to reflect - whether an user is logged in in the current session (set/clear). + whether an user is logged in in the current session (cookie set to 'True' or cleared). The cookie is set to expire at the same time as the sessionid cookie. By default, LOGGED_IN_HINT_COOKIE_NAME = 'logged_in_hint'. @@ -26,7 +26,7 @@ class LoggedInHintCookieMiddleware(object): def process_request(self, request): if not request.is_secure(): - if self.cookie_name in request.COOKIES: + if self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == 'True': # redirect insecure (assuming http) requests with hint cookie to https url = HttpRequest.build_absolute_uri() assert url[:5] == 'http:' @@ -36,12 +36,12 @@ class LoggedInHintCookieMiddleware(object): def process_response(self, request, response): if request.is_secure(): # assuming full session info (as the conn. is secure), update hint - # cookie value is actually irrelevant, here we set 'True' if request.user.is_authenticated(): expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date() response.set_cookie(self.cookie_name, value='True', expires=expiry, secure=False) else: - response.delete_cookie(self.cookie_name) + if self.cookie_name in request.COOKIES: + response.delete_cookie(self.cookie_name) return response