Cookieless Session Middleware

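class CookielessSessionPreMiddleware(object):
    """Request middleware that accepts the session id from a request parameter.

    When the request carries no ``sessionid`` cookie, the value of a
    ``sessionid`` POST or GET parameter is copied into ``request.COOKIES`` so
    that code running afterwards sees it as if it had arrived as a cookie.
    """

    # NOTE(security): the id is read from client-controlled parameters, so a
    # request that carries a pre-chosen id is adopted as the session (session
    # fixation risk). Make sure the session key is cycled when a user logs in,
    # and treat URLs containing the id as secrets (logs, Referer, history).
    # NOTE(review): the name 'sessionid' is hard-coded; a project that changes
    # its session cookie name would need the same name here.
    def process_request(self, request):
        """Populate ``request.COOKIES['sessionid']`` from POST or GET if absent.

        A cookie that is already present is never overwritten. POST takes
        precedence over GET, and an empty value is ignored. Returns ``None``.
        """
        # `in` replaces dict.has_key(), which no longer exists on Python 3.
        if 'sessionid' in request.COOKIES:
            return

        value = None
        if hasattr(request, 'POST') and 'sessionid' in request.POST:
            value = request.POST['sessionid']
        elif hasattr(request, 'GET') and 'sessionid' in request.GET:
            value = request.GET['sessionid']

        if value:
            request.COOKIES['sessionid'] = value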

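class CookielessSessionPosMiddleware(object):
    """Response middleware that carries the session id in the page, not a cookie.

    For a request that has a ``sessionid`` entry in ``request.COOKIES`` and an
    authenticated user, ``process_response`` deletes the cookie and either
    replaces an ``HttpResponseRedirect`` with a redirect to
    ``/?sessionid=<id>`` or rewrites the response body so that links, forms
    and page scripts carry the id.
    """

    # NOTE(security): after rewriting, the id is part of URLs and readable by
    # any script on the page, so it can leak through Referer headers, server
    # and proxy logs, browser history and shared links, and it no longer has
    # the protection an HttpOnly cookie would give. Use only where cookies are
    # genuinely unavailable, and keep session lifetimes short.

    def __init__(self):
        # Only hrefs that start with "/" are candidates for rewriting.
        self._re_links = re.compile('<a([^>]*)href="(/[^"]*)"([^>]*)>', re.I)
        self._re_forms = re.compile('</form>', re.I)
        # Despite the attribute name, this matches the opening "<body" tag.
        self._re_endbody = re.compile('<body', re.I)
        # Characters that are inert in all three places the id is written:
        # a URL query inside an HTML attribute, an HTML attribute value and a
        # single-quoted JavaScript string.
        self._re_safe_id = re.compile(r'\A[A-Za-z0-9_.:-]+\Z')

    def _prepare_url(self, url):
        """Return ``url`` ending in ``?`` or ``&``, ready for ``sessionid=...``.

        A URL without a query string gets a trailing ``/`` added when it lacks
        one. URL fragments (``#...``) are not treated specially.
        """
        if '?' in url:
            return '%s&' % (url,)
        if url.endswith('/'):
            return '%s?' % (url,)
        return '%s/?' % (url,)

    def _rewrite_html(self, html, sessionid):
        """Return ``html`` with ``sessionid`` added to links, forms and a script.

        ``sessionid`` must already have passed the ``_re_safe_id`` check; it is
        inserted into the markup without further escaping.
        """
        def new_url(m):
            # href="//host/..." is protocol-relative and points at another
            # host; leave it untouched so the id is not sent there.
            if m.group(2).startswith('//'):
                return m.group(0)
            return '<a%shref="%ssessionid=%s"%s>' % (
                m.group(1), self._prepare_url(m.group(2)), sessionid,
                m.group(3))

        html = self._re_links.sub(new_url, html)

        # Add a hidden input with the sessionid in front of every </form>.
        # NOTE(review): this applies to every form regardless of its action,
        # so a form that posts to another host would submit the id there.
        hidden = '<input type="hidden" name="sessionid" value="%s" /></form>'
        html = self._re_forms.sub(hidden % (sessionid,), html)

        # Expose the sessionid as a JavaScript variable; the script element is
        # inserted directly in front of the opening <body tag.
        script = ('<script type="text/javascript">'
                  'var sessionid = \'%s\';</script><body')
        return self._re_endbody.sub(script % (sessionid,), html)

    def process_response(self, request, response):
        """Move the session id from the cookie into the response.

        Returns ``response`` unchanged when there is no ``sessionid`` in
        ``request.COOKIES``, when the user is not authenticated, or when the
        id contains characters outside the allow-list. Otherwise the cookie is
        deleted and the response is replaced (redirects) or rewritten.
        """
        # `in` replaces dict.has_key(), which no longer exists on Python 3.
        if 'sessionid' not in request.COOKIES:
            return response

        # is_authenticated is a method on older Django and a property later.
        authenticated = request.user.is_authenticated
        if callable(authenticated):
            authenticated = authenticated()
        if not authenticated:
            return response

        sessionid = request.COOKIES['sessionid']
        # The value originates from the client (cookie, POST or GET), so it is
        # never interpolated into HTML or JavaScript unless it is inert there.
        if not self._re_safe_id.match(sessionid):
            return response

        response.delete_cookie('sessionid')

        if isinstance(response, HttpResponseRedirect):
            # NOTE(review): the original redirect target is discarded; every
            # redirect is sent to "/" with the id appended.
            return HttpResponseRedirect('/?sessionid=%s' % (sessionid,))

        # NOTE(review): the patterns are text patterns and are applied to
        # every non-redirect response; confirm that response.content is a
        # compatible string type and HTML on the target runtime.
        response.content = self._rewrite_html(response.content, sessionid)
        return response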


Comments

pateo (on January 16, 2009):

Thanks! This is very helpful for me.

I think it will be better to use settings.SESSION_COOKIE_NAME instead of 'sessionid'.

#

lvscar (on June 1, 2009):

Another Cookieless Session Middleware http://www.djangosnippets.org/snippets/1540/

#

edcrewe (on November 4, 2012):

Wrapped lvscar's version up with some improvements and released it to PyPI.

#
