#1180: Django session key generation flawed
-----------------------------------+----------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: nobody
Status: reopened | Component: Admin interface
Version: | Resolution:
Keywords: | Stage: Accepted
Has_patch: 0 | Needs_docs: 0
Needs_tests: 0 | Needs_better_patch: 0
-----------------------------------+----------------------------------------
Comment (by Densetsu no Ero-sennin <[EMAIL PROTECTED]>):
> it's possible for two users get the same "incremented" primary key value
on their sessions
Can't agree with that. Primary keys are unique by definition, even if they
are reused somehow.
But anyway, that does not really matter for us. We just need to impose a
`UNIQUE` constraint on session_key, which would guarantee that all
sessions in the DB have different keys. Unfortunately, Django tries to be
smart and [http://www.djangoproject.com/documentation/db-api/#how-django-
knows-to-update-vs-insert treats primary key fields specially]. So when we
`save()` a new session with a newly created key and another session with
this key already exists, Django happily runs `UPDATE` instead of simply
trying to `INSERT` and failing. What we need is a way to tell Django not
to `UPDATE` here (`save(update=False)` or something like that). If that's
not possible or difficult to implement, we can just create a separate PK
field and add `unique=True` constraint to `session_key` field. Any
solution will do.
--
Ticket URL: <http://code.djangoproject.com/ticket/1180#comment:23>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
