1
0
mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00
Commit Graph

6 Commits

Author SHA1 Message Date
Tim Graham
2eb86b01d7 [1.8.x] Fixed DoS possiblity in contrib.auth.views.logout()
Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.
2015-08-18 08:15:15 -04:00
Carl Meyer
66d12d1aba [1.8.x] Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:18 -04:00
Tim Graham
31cb25adec [1.8.x] Fixed incorrect session.flush() in cached_db session backend.
This is a security fix; disclosure to follow shortly.

Thanks Sam Cooke for the report and draft patch.
2015-05-20 13:49:07 -04:00
Bo Lopker
3c659856eb [1.8.x] Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN
Backport of 2dee853ed4 from master
2015-05-15 11:24:18 -04:00
Tim Graham
7b9f7b6670 [1.8.x] Fixed sessions test on Python 3.5; refs #23763.
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02

Backport of 4e59156c10 from master
2015-03-31 08:41:31 -04:00
Tim Graham
10fdd2fc1d [1.8.x] Moved contrib.sessions tests out of contrib.
Backport of fac3a34cbb from master
2015-02-11 11:54:51 -05:00