Fix session resetting before expiry. (#671)

Dreamsorcerer · web-flow · commit bf9a5f0b8747 · 2022-01-29T17:19:36.000Z
diff --git a/aiohttp_session/__init__.py b/aiohttp_session/__init__.py
@@ -137,10 +137,12 @@ def __getitem__(self, key: str) -> Any:
     def __setitem__(self, key: str, value: Any) -> None:
         self._mapping[key] = value
         self._changed = True
+        self._created = int(time.time())
 
     def __delitem__(self, key: str) -> None:
         del self._mapping[key]
         self._changed = True
+        self._created = int(time.time())
 
 
 SESSION_KEY = "aiohttp_session"
diff --git a/tests/test_abstract_storage.py b/tests/test_abstract_storage.py
@@ -1,6 +1,7 @@
 import json
 import time
-from typing import Any, Dict
+from functools import partial
+from typing import Any, Dict, Optional
 from unittest import mock
 
 from aiohttp import web
@@ -31,7 +32,7 @@ def create_app(handler: Handler) -> web.Application:
 
 
 async def test_max_age_also_returns_expires(aiohttp_client: AiohttpClient) -> None:
-    async def handler(request: web.Request) -> web.StreamResponse:
+    async def handler(request: web.Request) -> web.Response:
         session = await get_session(request)
         session["c"] = 3
         return web.Response(body=b"OK")
@@ -41,6 +42,52 @@ async def handler(request: web.Request) -> web.StreamResponse:
 
         client = await aiohttp_client(create_app(handler))
         make_cookie(client, {"a": 1, "b": 2})
-        resp = await client.get("/")
-        assert resp.status == 200
-        assert "expires=Thu, 01-Jan-1970 00:00:10 GMT" in resp.headers["SET-COOKIE"]
+        async with client.get("/") as resp:
+            assert resp.status == 200
+            assert "expires=Thu, 01-Jan-1970 00:00:10 GMT" in resp.headers["SET-COOKIE"]
+
+
+async def test_max_age_session_reset(aiohttp_client: AiohttpClient) -> None:
+    async def handler(request: web.Request, n: Optional[str] = None) -> web.Response:
+        session = await get_session(request)
+        if n:
+            session[n] = True
+        return web.json_response(session._mapping)
+
+    app = create_app(handler)
+    app.router.add_route("GET", "/a", partial(handler, n="a"))
+    app.router.add_route("GET", "/b", partial(handler, n="b"))
+    app.router.add_route("GET", "/c", partial(handler, n="c"))
+    client = await aiohttp_client(app)
+
+    with mock.patch("time.time") as m_clock:
+        m_clock.return_value = 0.0
+        # Initialise the session (with a 10 second max_age).
+        async with client.get("/a") as resp:
+            c = resp.cookies["AIOHTTP_SESSION"]
+            assert "00:00:10" in c["expires"]
+            assert {"a"} == json.loads(c.value)["session"].keys()
+
+        m_clock.return_value = 8.0
+        # Here we update the session, which should reset expiry time to 18 seconds past.
+        async with client.get("/b") as resp:
+            c = resp.cookies["AIOHTTP_SESSION"]
+            assert "00:00:18" in c["expires"]
+            assert {"a", "b"} == json.loads(c.value)["session"].keys()
+
+        m_clock.return_value = 15.0
+        # Because the session has been updated, it should not have expired yet.
+        async with client.get("/") as resp:
+            sess = await resp.json()
+            assert {"a", "b"} == sess.keys()
+
+        async with client.get("/c") as resp:
+            c = resp.cookies["AIOHTTP_SESSION"]
+            assert "00:00:25" in c["expires"]
+            assert {"a", "b", "c"} == json.loads(c.value)["session"].keys()
+
+        m_clock.return_value = 30.0
+        # Here the session should have expired.
+        async with client.get("/") as resp:
+            sess = await resp.json()
+            assert sess == {}
