p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Improved session code to force creation of a new session key if the given session key doesn't exist -- for extra security 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2005-08-18 16:45:15 +00:00
parent cb022650e7
commit 2972e8b5d5
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
django/middleware/sessions.py
View File

@ -44,6 +44,9 @@ class SessionWrapper(object):
self._session_cache = s.get_decoded() self._session_cache = s.get_decoded()
except sessions.SessionDoesNotExist: except sessions.SessionDoesNotExist:
self._session_cache = {} self._session_cache = {}
# Set the session_key to None to force creation of a new
# key, for extra security.
self.session_key = None
return self._session_cache return self._session_cache
_session = property(_get_session) _session = property(_get_session)