Login

Cookieless Session Middleware

Author:
juliocarlos
Posted:
December 7, 2008
Language:
Python
Version:
1.0
Tags:
middleware cookie cookieless less
Score:
1 (after 1 ratings)

This middleware will put the sessionid in every place that it might be needed, I mean, as a hidden input in every form, at the end of the document as a javascrit variable to allow the AJAX request use it and of course as a GET variable of the request. To make it work correctly the MIDDLEWARE_CLASSES tuple must be in this order: 'CookielessSessionPreMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'CookielessSessionPosMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',

Hope it work for someone else out there.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
class CookielessSessionPreMiddleware(object):
    def process_request(self, request):
        if not request.COOKIES.has_key('sessionid'):
            value = None
            if hasattr(request, 'POST') and request.POST.has_key('sessionid'):
                value = request.POST['sessionid']
            elif hasattr(request, 'GET') and request.GET.has_key('sessionid'):
                value = request.GET['sessionid']
            if value:
                request.COOKIES['sessionid'] = value

class CookielessSessionPosMiddleware(object):
    def __init__(self):
        self._re_links = re.compile('<a([^>]*)href="(/[^"]*)"([^>]*)>', re.I)
        self._re_forms = re.compile('</form>', re.I)
        self._re_endbody = re.compile('<body', re.I)

    def _prepare_url(self, url):
        patt = None
        if url.find('?') == -1:
            if url.endswith('/'):
                patt = '%s?'
            else:
                patt = '%s/?'
        else:
            patt = '%s&'
        return patt % (url,)

    def process_response(self, request, response):
        if request.COOKIES.has_key('sessionid') and request.user.is_authenticated():
            response.delete_cookie('sessionid')
            sessionid = request.COOKIES['sessionid']
            if type(response) is HttpResponseRedirect:
                return HttpResponseRedirect('/?sessionid=%s' % (sessionid,))

            # Fix the links
            new_url = lambda m: '<a%shref="%ssessionid=%s"%s>' % \
                (m.group(1), self._prepare_url(m.group(2)), sessionid,
                 m.group(3))
            response.content = self._re_links.sub(new_url, response.content)

            # Add a hidden input to every form with the sessionid
            repl_form = '<input type="hidden" name="sessionid" value="%s" />' + \
                '</form>'
            repl_form = repl_form % (sessionid,)
            response.content = self._re_forms.sub(repl_form, response.content)

            # Add the sessionid as a javascript variable to the end of the
            # document
            repl_endbody = '<script type="text/javascript">' + \
                'var sessionid = \'%s\';</script><body'
            repl_endbody = repl_endbody % (sessionid,)
            response.content = self._re_endbody.sub(repl_endbody, response.content)
            return response
        else:
            return response

More like this

  1. Middleware to reload translation for each request by asksol 5 years, 11 months ago
  2. GlobalRequest middleware by myq 2 years, 8 months ago
  3. Simple profile middleware by limodou 8 years, 5 months ago
  4. Get current user without a request object by t_rybik 4 years, 11 months ago
  5. Strip Google Analytics cookies for caching middleware purposes by nf 5 years, 9 months ago

Comments

pateo (on January 16, 2009):

Thanks! This is very helpful for me.

I think it will be better to use settings.SESSION_COOKIE_NAME instead of 'sessionid'.

#

Please login first before commenting.