Improved session code to force creation of a new session key if the given session key doesn't exist -- for extra security

git-svn-id: http://code.djangoproject.com/svn/django/trunk@536 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-08-18 16:45:15 +00:00 · 2005-08-18 16:45:15 +00:00 · 2972e8b5d5
parent cb022650e7
commit 2972e8b5d5
1 changed files with 3 additions and 0 deletions
--- a/django/middleware/sessions.py
+++ b/django/middleware/sessions.py
@ -44,6 +44,9 @@ class SessionWrapper(object):
                    self._session_cache = s.get_decoded()
                except sessions.SessionDoesNotExist:
                    self._session_cache = {}
+                    # Set the session_key to None to force creation of a new
+                    # key, for extra security.
+                    self.session_key = None
            return self._session_cache

    _session = property(_get_session)