From 33076af6f2aa5285b3a70246e14163b901b512f7 Mon Sep 17 00:00:00 2001 From: Russell Keith-Magee Date: Sat, 10 Sep 2011 00:46:48 +0000 Subject: [PATCH] Corrected an issue which could allow attackers to manipulate session data using the cache. A security announcement will be made shortly. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16759 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/sessions/backends/cache.py | 10 ++++++---- django/contrib/sessions/backends/cached_db.py | 14 +++++++++----- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/django/contrib/sessions/backends/cache.py b/django/contrib/sessions/backends/cache.py index 22c95b23d5..41d203e918 100644 --- a/django/contrib/sessions/backends/cache.py +++ b/django/contrib/sessions/backends/cache.py @@ -1,6 +1,8 @@ from django.contrib.sessions.backends.base import SessionBase, CreateError from django.core.cache import cache +KEY_PREFIX = "django.contrib.sessions.cache" + class SessionStore(SessionBase): """ A cache-based session store. @@ -10,7 +12,7 @@ class SessionStore(SessionBase): super(SessionStore, self).__init__(session_key) def load(self): - session_data = self._cache.get(self.session_key) + session_data = self._cache.get(KEY_PREFIX + self.session_key) if session_data is not None: return session_data self.create() @@ -37,18 +39,18 @@ class SessionStore(SessionBase): func = self._cache.add else: func = self._cache.set - result = func(self.session_key, self._get_session(no_load=must_create), + result = func(KEY_PREFIX + self.session_key, self._get_session(no_load=must_create), self.get_expiry_age()) if must_create and not result: raise CreateError def exists(self, session_key): - return session_key in self._cache + return (KEY_PREFIX + session_key) in self._cache def delete(self, session_key=None): if session_key is None: if self._session_key is None: return session_key = self._session_key - self._cache.delete(session_key) + self._cache.delete(KEY_PREFIX + session_key) diff --git a/django/contrib/sessions/backends/cached_db.py b/django/contrib/sessions/backends/cached_db.py index 9e22c69228..465472d29c 100644 --- a/django/contrib/sessions/backends/cached_db.py +++ b/django/contrib/sessions/backends/cached_db.py @@ -6,6 +6,8 @@ from django.conf import settings from django.contrib.sessions.backends.db import SessionStore as DBStore from django.core.cache import cache +KEY_PREFIX = "django.contrib.sessions.cached_db" + class SessionStore(DBStore): """ Implements cached, database backed sessions. @@ -15,10 +17,11 @@ class SessionStore(DBStore): super(SessionStore, self).__init__(session_key) def load(self): - data = cache.get(self.session_key, None) + data = cache.get(KEY_PREFIX + self.session_key, None) if data is None: data = super(SessionStore, self).load() - cache.set(self.session_key, data, settings.SESSION_COOKIE_AGE) + cache.set(KEY_PREFIX + self.session_key, data, + settings.SESSION_COOKIE_AGE) return data def exists(self, session_key): @@ -26,11 +29,12 @@ class SessionStore(DBStore): def save(self, must_create=False): super(SessionStore, self).save(must_create) - cache.set(self.session_key, self._session, settings.SESSION_COOKIE_AGE) + cache.set(KEY_PREFIX + self.session_key, self._session, + settings.SESSION_COOKIE_AGE) def delete(self, session_key=None): super(SessionStore, self).delete(session_key) - cache.delete(session_key or self.session_key) + cache.delete(KEY_PREFIX + (session_key or self.session_key)) def flush(self): """ @@ -39,4 +43,4 @@ class SessionStore(DBStore): """ self.clear() self.delete(self.session_key) - self.create() \ No newline at end of file + self.create()