From 526f6af782350bbc3913470a6736c0f7f44548d0 Mon Sep 17 00:00:00 2001
From: Adrian Holovaty <adrian@holovaty.com>
Date: Wed, 20 Jul 2005 00:57:38 +0000
Subject: [PATCH] Changed models.auth.Session.get_session_from_cookie to raise
 SessionDoesNotExist instead of SuspiciousOperation if tamper check fails

git-svn-id: http://code.djangoproject.com/svn/django/trunk@234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/models/auth.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/django/models/auth.py b/django/models/auth.py
index 9acb40f44f9..ef0ffdf7492 100644
--- a/django/models/auth.py
+++ b/django/models/auth.py
@@ -213,8 +213,7 @@ class Session(meta.Model):
             raise SessionDoesNotExist
         session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:]
         if md5.new(session_md5 + SECRET_KEY + 'auth').hexdigest() != tamper_check:
-            from django.core.exceptions import SuspiciousOperation
-            raise SuspiciousOperation, "User may have tampered with session cookie."
+            raise SessionDoesNotExist
         return get_object(session_md5__exact=session_md5, select_related=True)
 
     def _module_destroy_all_sessions(user_id):