innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
20,488 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
Tim Graham 2eb86b01d7 [1.8.x] Fixed DoS possiblity in contrib.auth.views.logout() 
Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.
 2015-08-18 08:15:15 -04:00
Carl Meyer 66d12d1aba [1.8.x] Fixed #19324 -- Avoided creating a session record when loading the session. 
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
 2015-07-08 15:23:18 -04:00
Tim Graham 31cb25adec [1.8.x] Fixed incorrect session.flush() in cached_db session backend. 
This is a security fix; disclosure to follow shortly.

Thanks Sam Cooke for the report and draft patch.
 2015-05-20 13:49:07 -04:00
Bo Lopker 3c659856eb [1.8.x] Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN 
Backport of 2dee853ed4 from master
 2015-05-15 11:24:18 -04:00
Tim Graham 7b9f7b6670 [1.8.x] Fixed sessions test on Python 3.5; refs #23763. 
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02

Backport of 4e59156c10 from master
 2015-03-31 08:41:31 -04:00
Tim Graham 10fdd2fc1d [1.8.x] Moved contrib.sessions tests out of contrib. 
Backport of fac3a34cbb from master
 2015-02-11 11:54:51 -05:00