From 4a61c2f9120fcf8effe5bf6d049f776d9f5a92a3 Mon Sep 17 00:00:00 2001
From: Malcolm Tredinnick
Date: Fri, 15 Jun 2007 00:22:16 +0000
Subject: [PATCH] Fixed #4531 -- Added a bit more randomness to session idents. Thanks, Frank Tegtmeyer.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 AUTHORS | 1 +
 django/contrib/sessions/models.py | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index cd1bb2002f..cd136fe06c 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -221,6 +221,7 @@ answer newbie questions, and generally made Django that much better:
 Aaron Swartz
 Ville Säävuori
 Tyson Tate
+ Frank Tegtmeyer
 thebjorn
 Zach Thompson
 Tom Tobin
diff --git a/django/contrib/sessions/models.py b/django/contrib/sessions/models.py
index 77718407e1..521a2abee9 100644
--- a/django/contrib/sessions/models.py
+++ b/django/contrib/sessions/models.py
@@ -1,4 +1,4 @@
-import base64, md5, random, sys, datetime
+import base64, md5, random, sys, datetime, os, time
 import cPickle as pickle
 from django.db import models
 from django.utils.translation import gettext_lazy as _
@@ -14,9 +14,9 @@ class SessionManager(models.Manager):
 def get_new_session_key(self):
 "Returns session key that isn't being used."
 # The random module is seeded when this Apache child is created.
- # Use person_id and SECRET_KEY as added salt.
+ # Use SECRET_KEY as added salt.
 while 1:
- session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + settings.SECRET_KEY).hexdigest()
+ session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1), os.getpid(), time.time(), settings.SECRET_KEY)).hexdigest()
 try:
 self.get(session_key=session_key)
 except self.model.DoesNotExist:
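Review bot: The values added to the `md5.new(...)` input in `get_new_session_key` are all guessable: `os.getpid()` has a small range, `time.time()` can be estimated from when the session was issued, and `random.randint` is still the non-cryptographic generator, so the key's unpredictability continues to rest mostly on `settings.SECRET_KEY`. Where the runtime provides it, the OS CSPRNG is the better source, for example `session_key = md5.new(os.urandom(16) + settings.SECRET_KEY).hexdigest()`, keeping the current expression as the fallback if `os.urandom` raises `NotImplementedError`. The comment above the loop could state this as well: `# Key unpredictability depends on SECRET_KEY; pid and time mainly reduce collisions between processes.` The `while`/`try` body continues past the end of the hunk, so how the `DoesNotExist` branch returns the key is not visible here.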