diff --git a/tests/test_memcached_storage.py b/tests/test_memcached_storage.py index 608c11f0..5e8ff7aa 100644 --- a/tests/test_memcached_storage.py +++ b/tests/test_memcached_storage.py @@ -1,6 +1,7 @@ import json import uuid import time +import asyncio from aiohttp import web from aiohttp_session import Session, session_middleware, get_session @@ -227,3 +228,28 @@ async def logout(request): client.session.cookie_jar.update_cookies({'AIOHTTP_SESSION': evil_cookie}) resp = await client.get('/') assert resp.cookies['AIOHTTP_SESSION'].value != evil_cookie + + +async def test_load_session_dont_load_expired_session(aiohttp_client, + memcached): + async def handler(request): + session = await get_session(request) + exp_param = request.rel_url.query.get('exp', None) + if exp_param is None: + session['a'] = 1 + session['b'] = 2 + else: + assert {} == session + + return web.Response(body=b'OK') + + client = await aiohttp_client( + create_app(handler, memcached, 2) + ) + resp = await client.get('/') + assert resp.status == 200 + + await asyncio.sleep(5) + + resp = await client.get('/?exp=yes') + assert resp.status == 200 diff --git a/tests/test_nacl_storage.py b/tests/test_nacl_storage.py index 01b91989..66bd8145 100644 --- a/tests/test_nacl_storage.py +++ b/tests/test_nacl_storage.py @@ -1,5 +1,6 @@ import json import time +import asyncio import pytest import nacl.secret @@ -30,8 +31,8 @@ def make_cookie(client, secretbox, data): client.session.cookie_jar.update_cookies({'AIOHTTP_SESSION': data}) -def create_app(handler, key): - middleware = session_middleware(NaClCookieStorage(key)) +def create_app(handler, key, max_age=None): + middleware = session_middleware(NaClCookieStorage(key, max_age=max_age)) app = web.Application(middlewares=[middleware]) app.router.add_route('GET', '/', handler) return app @@ -153,3 +154,28 @@ async def logout(request): client.session.cookie_jar.update_cookies({'AIOHTTP_SESSION': evil_cookie}) resp = await client.get('/') assert resp.cookies['AIOHTTP_SESSION'].value != evil_cookie + + +async def test_load_session_dont_load_expired_session(aiohttp_client, + key): + async def handler(request): + session = await get_session(request) + exp_param = request.rel_url.query.get('exp', None) + if exp_param is None: + session['a'] = 1 + session['b'] = 2 + else: + assert {} == session + + return web.Response(body=b'OK') + + client = await aiohttp_client( + create_app(handler, key, 2) + ) + resp = await client.get('/') + assert resp.status == 200 + + await asyncio.sleep(5) + + resp = await client.get('/?exp=yes') + assert resp.status == 200 diff --git a/tests/test_redis_storage.py b/tests/test_redis_storage.py index 824bfce5..76b927f9 100644 --- a/tests/test_redis_storage.py +++ b/tests/test_redis_storage.py @@ -3,6 +3,7 @@ import pytest import uuid import time +import asyncio from aiohttp import web from aiohttp_session import Session, session_middleware, get_session @@ -310,3 +311,28 @@ def __init__(self, *args, **kwargs): mocker.patch('aiohttp_session.redis_storage.StrictVersion', Dummy) with pytest.raises(RuntimeError): create_app(handler=handler, redis=None) + + +async def test_load_session_dont_load_expired_session(aiohttp_client, + redis): + async def handler(request): + session = await get_session(request) + exp_param = request.rel_url.query.get('exp', None) + if exp_param is None: + session['a'] = 1 + session['b'] = 2 + else: + assert {} == session + + return web.Response(body=b'OK') + + client = await aiohttp_client( + create_app(handler, redis, 2) + ) + resp = await client.get('/') + assert resp.status == 200 + + await asyncio.sleep(5) + + resp = await client.get('/?exp=yes') + assert resp.status == 200