From 0e1ce8cc3f7438b044723ea0b56ba05c85d8c524 Mon Sep 17 00:00:00 2001 From: Tomas Gavenciak Date: Sun, 4 Oct 2015 02:05:11 +0200 Subject: [PATCH] Logged-in hint middleware: improve logic * removed sending redundant cookie updates --- mamweb/middleware.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/mamweb/middleware.py b/mamweb/middleware.py index 951c9a86..5e5dc33e 100644 --- a/mamweb/middleware.py +++ b/mamweb/middleware.py @@ -23,10 +23,14 @@ class LoggedInHintCookieMiddleware(object): if hasattr(settings, 'LOGGED_IN_HINT_COOKIE_NAME'): self.cookie_name = settings.LOGGED_IN_HINT_COOKIE_NAME else: self.cookie_name = 'logged_in_hint' + self.cookie_value = 'True' + + def cookie_correct(self, request): + return self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == self.cookie_value def process_request(self, request): if not request.is_secure(): - if self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == 'True': + if self.cookie_correct(request): # redirect insecure (assuming http) requests with hint cookie to https url = HttpRequest.build_absolute_uri() assert url[:5] == 'http:' @@ -35,10 +39,11 @@ class LoggedInHintCookieMiddleware(object): def process_response(self, request, response): if request.is_secure(): - # assuming full session info (as the conn. is secure), update hint + # assuming full session info (as the conn. is secure) if request.user.is_authenticated(): - expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date() - response.set_cookie(self.cookie_name, value='True', expires=expiry, secure=False) + if not self.cookie_correct(request): + expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date() + response.set_cookie(self.cookie_name, value=self.cookie_value, expires=expiry, secure=False) else: if self.cookie_name in request.COOKIES: response.delete_cookie(self.cookie_name)