diff options
| author | Michael Merickel <michael@merickel.org> | 2014-02-27 16:51:43 -0500 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2014-02-27 16:51:43 -0500 |
| commit | 8f4fbd84220a3256cbeee3f2adcc333c0ef0e6aa (patch) | |
| tree | f9bbb1750f0ddfd22236edb3f35bcbf2ee2c8722 | |
| parent | 7075e1742529f7de53dd794e9ded0baaa3584135 (diff) | |
| download | pyramid-8f4fbd84220a3256cbeee3f2adcc333c0ef0e6aa.tar.gz pyramid-8f4fbd84220a3256cbeee3f2adcc333c0ef0e6aa.tar.bz2 pyramid-8f4fbd84220a3256cbeee3f2adcc333c0ef0e6aa.zip | |
fix timeout=None bug as well as some other potential unpacking problems
| -rw-r--r-- | pyramid/session.py | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/pyramid/session.py b/pyramid/session.py index ea7a5628c..5cc51869c 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -256,17 +256,24 @@ def BaseCookieSessionFactory( if value is not None: try: - renewed, created, state = value + # since the value is not necessarily signed, we have + # to unpack it a little carefully + rval, cval, sval = value + renewed = float(rval) + created = float(cval) + state = sval new = False - if now - renewed > self._timeout: - # expire the session because it was not renewed - # before the timeout threshold - state = {} - except TypeError: + except (TypeError, ValueError): # value failed to unpack properly or renewed was not # a numeric type so we'll fail deserialization here state = {} + if self._timeout is not None: + if now - renewed > self._timeout: + # expire the session because it was not renewed + # before the timeout threshold + state = {} + self.created = created self.accessed = renewed self.renewed = renewed |