orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'stable'

Browse source
This commit is contained in:
David Lord 2026-02-18 21:56:24 -08:00
commit daca74d93a
No known key found for this signature in database
GPG key ID: 43368A7AA8CC5926
6 changed files with 64 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/flask/app.py
View file

@ -1411,8 +1411,8 @@ class Flask(App):
for func in reversed(self.after_request_funcs[name]):
response = self.ensure_sync(func)(response)
if not self.session_interface.is_null_session(ctx.session):
self.session_interface.save_session(self, ctx.session, response)
if not self.session_interface.is_null_session(ctx._session):
self.session_interface.save_session(self, ctx._session, response)
return response

3
src/flask/ctx.py
View file

@ -381,7 +381,7 @@ class AppContext:
def session(self) -> SessionMixin:
"""The session object associated with this context. Accessed through
:data:`.session`. Only available in request contexts, otherwise raises
:exc:`RuntimeError`.
:exc:`RuntimeError`. Accessing this sets :attr:`.SessionMixin.accessed`.
"""
if self._request is None:
raise RuntimeError("There is no request in this context.")
@ -393,6 +393,7 @@ class AppContext:
if self._session is None:
self._session = si.make_null_session(self.app)
self._session.accessed = True
return self._session
def match_request(self) -> None:

34
src/flask/sessions.py
View file

@ -43,10 +43,15 @@ class SessionMixin(MutableMapping[str, t.Any]):
#: ``True``.
modified = True
#: Some implementations can detect when session data is read or
#: written and set this when that happens. The mixin default is hard
#: coded to ``True``.
accessed = True
accessed = False
"""Indicates if the session was accessed, even if it was not modified. This
is set when the session object is accessed through the request context,
including the global :data:`.session` proxy. A ``Vary: cookie`` header will
be added if this is ``True``.
.. versionchanged:: 3.1.3
This is tracked by the request context.
"""
class SecureCookieSession(CallbackDict[str, t.Any], SessionMixin):
@ -65,34 +70,15 @@ class SecureCookieSession(CallbackDict[str, t.Any], SessionMixin):
#: will only be written to the response if this is ``True``.
modified = False
#: When data is read or written, this is set to ``True``. Used by
# :class:`.SecureCookieSessionInterface` to add a ``Vary: Cookie``
#: header, which allows caching proxies to cache different pages for
#: different users.
accessed = False
def __init__(
self,
initial: c.Mapping[str, t.Any] | c.Iterable[tuple[str, t.Any]] | None = None,
initial: c.Mapping[str, t.Any] | None = None,
) -> None:
def on_update(self: te.Self) -> None:
self.modified = True
self.accessed = True
super().__init__(initial, on_update)
def __getitem__(self, key: str) -> t.Any:
self.accessed = True
return super().__getitem__(key)
def get(self, key: str, default: t.Any = None) -> t.Any:
self.accessed = True
return super().get(key, default)
def setdefault(self, key: str, default: t.Any = None) -> t.Any:
self.accessed = True
return super().setdefault(key, default)
class NullSession(SecureCookieSession):
"""Class used to generate nicer error messages if sessions are not

7
src/flask/templating.py
View file

@ -19,15 +19,16 @@ if t.TYPE_CHECKING: # pragma: no cover
def _default_template_ctx_processor() -> dict[str, t.Any]:
"""Default template context processor. Injects `request`,
`session` and `g`.
"""Default template context processor. Replaces the ``request`` and ``g``
proxies with their concrete objects for faster access.
"""
ctx = app_ctx._get_current_object()
rv: dict[str, t.Any] = {"g": ctx.g}
if ctx.has_request:
rv["request"] = ctx.request
rv["session"] = ctx.session
# The session proxy cannot be replaced, accessing it gets
# RequestContext.session, which sets session.accessed.
return rv