Changed models.auth.Session.get_session_from_cookie to raise SessionDoesNotExist instead of SuspiciousOperation if tamper check fails

git-svn-id: http://code.djangoproject.com/svn/django/trunk@234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-07-20 00:57:38 +00:00 · 2005-07-20 00:57:38 +00:00 · 526f6af782
parent d384870307
commit 526f6af782
1 changed files with 1 additions and 2 deletions
--- a/django/models/auth.py
+++ b/django/models/auth.py
@ -213,8 +213,7 @@ class Session(meta.Model):
            raise SessionDoesNotExist
        session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:]
        if md5.new(session_md5 + SECRET_KEY + 'auth').hexdigest() != tamper_check:
-            from django.core.exceptions import SuspiciousOperation
-            raise SuspiciousOperation, "User may have tampered with session cookie."
+            raise SessionDoesNotExist
        return get_object(session_md5__exact=session_md5, select_related=True)

    def _module_destroy_all_sessions(user_id):