mirror of
https://github.com/django/django.git
synced 2024-12-22 17:16:24 +00:00
Fixed #4531 -- Added a bit more randomness to session idents. Thanks, Frank
Tegtmeyer. git-svn-id: http://code.djangoproject.com/svn/django/trunk@5470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
88632cd7f9
commit
4a61c2f912
1
AUTHORS
1
AUTHORS
@ -221,6 +221,7 @@ answer newbie questions, and generally made Django that much better:
|
||||
Aaron Swartz <http://www.aaronsw.com/>
|
||||
Ville Säävuori <http://www.unessa.net/>
|
||||
Tyson Tate <tyson@fallingbullets.com>
|
||||
Frank Tegtmeyer <fte@fte.to>
|
||||
thebjorn <bp@datakortet.no>
|
||||
Zach Thompson <zthompson47@gmail.com>
|
||||
Tom Tobin
|
||||
|
@ -1,4 +1,4 @@
|
||||
import base64, md5, random, sys, datetime
|
||||
import base64, md5, random, sys, datetime, os, time
|
||||
import cPickle as pickle
|
||||
from django.db import models
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
@ -14,9 +14,9 @@ class SessionManager(models.Manager):
|
||||
def get_new_session_key(self):
|
||||
"Returns session key that isn't being used."
|
||||
# The random module is seeded when this Apache child is created.
|
||||
# Use person_id and SECRET_KEY as added salt.
|
||||
# Use SECRET_KEY as added salt.
|
||||
while 1:
|
||||
session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + settings.SECRET_KEY).hexdigest()
|
||||
session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1), os.getpid(), time.time(), settings.SECRET_KEY)).hexdigest()
|
||||
try:
|
||||
self.get(session_key=session_key)
|
||||
except self.model.DoesNotExist:
|
||||
|
Loading…
Reference in New Issue
Block a user