From 2972e8b5d5d1cc223e81e4fceef819333bbeb075 Mon Sep 17 00:00:00 2001 From: Adrian Holovaty Date: Thu, 18 Aug 2005 16:45:15 +0000 Subject: [PATCH] Improved session code to force creation of a new session key if the given session key doesn't exist -- for extra security git-svn-id: http://code.djangoproject.com/svn/django/trunk@536 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/middleware/sessions.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/django/middleware/sessions.py b/django/middleware/sessions.py index 41cf3daf02..614db5d0a8 100644 --- a/django/middleware/sessions.py +++ b/django/middleware/sessions.py @@ -44,6 +44,9 @@ class SessionWrapper(object): self._session_cache = s.get_decoded() except sessions.SessionDoesNotExist: self._session_cache = {} + # Set the session_key to None to force creation of a new + # key, for extra security. + self.session_key = None return self._session_cache _session = property(_get_session)