diff options
| -rw-r--r-- | pyramid/session.py | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/pyramid/session.py b/pyramid/session.py index ea7a5628c..5cc51869c 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -256,17 +256,24 @@ def BaseCookieSessionFactory( if value is not None: try: - renewed, created, state = value + # since the value is not necessarily signed, we have + # to unpack it a little carefully + rval, cval, sval = value + renewed = float(rval) + created = float(cval) + state = sval new = False - if now - renewed > self._timeout: - # expire the session because it was not renewed - # before the timeout threshold - state = {} - except TypeError: + except (TypeError, ValueError): # value failed to unpack properly or renewed was not # a numeric type so we'll fail deserialization here state = {} + if self._timeout is not None: + if now - renewed > self._timeout: + # expire the session because it was not renewed + # before the timeout threshold + state = {} + self.created = created self.accessed = renewed self.renewed = renewed |