orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

session expiration datetime is UTC timezone-aware

Browse source
This commit is contained in:
Kevin Kirsche 2022-06-17 10:38:17 -04:00 committed by David Lord
parent cec5f74110
commit ed42e92928
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
3 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGES.rst
View file

@ -36,6 +36,8 @@ Unreleased
- It is no longer required to decorate custom CLI commands on - It is no longer required to decorate custom CLI commands on
``app.cli`` or ``blueprint.cli`` with ``@with_appcontext``, an app ``app.cli`` or ``blueprint.cli`` with ``@with_appcontext``, an app
context will already be active at that point. :issue:`2410` context will already be active at that point. :issue:`2410`
- ``SessionInterface.get_expiration_time`` uses a timezone-aware
value. :pr:`4645`
Version 2.1.3 Version 2.1.3

3
src/flask/sessions.py
View file

@ -3,6 +3,7 @@ import typing as t
import warnings import warnings
from collections.abc import MutableMapping from collections.abc import MutableMapping
from datetime import datetime from datetime import datetime
from datetime import timezone
from itsdangerous import BadSignature from itsdangerous import BadSignature
from itsdangerous import URLSafeTimedSerializer from itsdangerous import URLSafeTimedSerializer
@ -277,7 +278,7 @@ class SessionInterface:
lifetime configured on the application. lifetime configured on the application.
""" """
if session.permanent: if session.permanent:
return datetime.utcnow() + app.permanent_session_lifetime return datetime.now(timezone.utc) + app.permanent_session_lifetime
return None return None
def should_set_cookie(self, app: "Flask", session: SessionMixin) -> bool: def should_set_cookie(self, app: "Flask", session: SessionMixin) -> bool:

5
tests/test_basic.py
View file

@ -5,6 +5,7 @@ import uuid
import warnings import warnings
import weakref import weakref
from datetime import datetime from datetime import datetime
from datetime import timezone
from platform import python_implementation from platform import python_implementation
from threading import Thread from threading import Thread
@ -436,7 +437,7 @@ def test_session_expiration(app, client):
assert "set-cookie" in rv.headers assert "set-cookie" in rv.headers
match = re.search(r"(?i)\bexpires=([^;]+)", rv.headers["set-cookie"]) match = re.search(r"(?i)\bexpires=([^;]+)", rv.headers["set-cookie"])
expires = parse_date(match.group()) expires = parse_date(match.group())
expected = datetime.utcnow() + app.permanent_session_lifetime expected = datetime.now(timezone.utc) + app.permanent_session_lifetime
assert expires.year == expected.year assert expires.year == expected.year
assert expires.month == expected.month assert expires.month == expected.month
assert expires.day == expected.day assert expires.day == expected.day
@ -466,7 +467,7 @@ def test_session_stored_last(app, client):
def test_session_special_types(app, client): def test_session_special_types(app, client):
now = datetime.utcnow().replace(microsecond=0) now = datetime.now(timezone.utc).replace(microsecond=0)
the_uuid = uuid.uuid4() the_uuid = uuid.uuid4()
@app.route("/") @app.route("/")