test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
21,014 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
Carl Meyer df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session. 
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
 2015-07-08 15:23:03 -04:00
David Bannon f4416b1a8b Fixed #24915 -- Added stricter session key validation 
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
 2015-06-06 20:04:20 -04:00
Tim Graham 088579638b Fixed incorrect session.flush() in cached_db session backend. 
This is a security fix; disclosure to follow shortly.

Thanks Sam Cooke for the report and draft patch.
 2015-05-20 13:48:06 -04:00
Bo Lopker 2dee853ed4 Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN 2015-05-15 11:23:41 -04:00
Tim Graham 4e59156c10 Fixed sessions test on Python 3.5; refs #23763. 
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02
 2015-03-31 08:38:43 -04:00
Tim Graham 8a481498aa Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions. 2015-03-12 08:19:54 -04:00
Tim Graham fac3a34cbb Moved contrib.sessions tests out of contrib. 2015-02-11 10:19:22 -05:00