Fixed #4531 -- Added a bit more randomness to session idents. Thanks, Frank

Tegtmeyer. git-svn-id: http://code.djangoproject.com/svn/django/trunk@5470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-15 00:22:16 +00:00 · 2007-06-15 00:22:16 +00:00 · 4a61c2f912
parent 88632cd7f9
commit 4a61c2f912
2 changed files with 4 additions and 3 deletions
--- a/1
+++ b/1
@ -221,6 +221,7 @@ answer newbie questions, and generally made Django that much better:
    Aaron Swartz <http://www.aaronsw.com/>
    Ville Säävuori <http://www.unessa.net/>
    Tyson Tate <tyson@fallingbullets.com>
+    Frank Tegtmeyer <fte@fte.to>
    thebjorn <bp@datakortet.no>
    Zach Thompson <zthompson47@gmail.com>
    Tom Tobin
--- a/django/contrib/sessions/models.py
+++ b/django/contrib/sessions/models.py
@ -1,4 +1,4 @@
-import base64, md5, random, sys, datetime
+import base64, md5, random, sys, datetime, os, time
 import cPickle as pickle
 from django.db import models
 from django.utils.translation import gettext_lazy as _
@ -14,9 +14,9 @@ class SessionManager(models.Manager):
    def get_new_session_key(self):
        "Returns session key that isn't being used."
        # The random module is seeded when this Apache child is created.
-        # Use person_id and SECRET_KEY as added salt.
+        # Use SECRET_KEY as added salt.
        while 1:
-            session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + settings.SECRET_KEY).hexdigest()
+            session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1), os.getpid(), time.time(), settings.SECRET_KEY)).hexdigest()
            try:
                self.get(session_key=session_key)
            except self.model.DoesNotExist: