Tim Graham
867d287b3a
Added a test to ensure empty sessions are saved.
2015-08-20 10:24:19 -04:00
Tim Graham
8cc41ce7a7
Fixed DoS possibility in contrib.auth.views.logout()
...
Thanks Florian Apolloner and Carl Meyer for review.
This is a security fix.
2015-08-18 08:03:43 -04:00
Carl Meyer
df049ed77a
Fixed #19324 -- Avoided creating a session record when loading the session.
...
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.
This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
David Bannon
f4416b1a8b
Fixed #24915 -- Added stricter session key validation
...
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
2015-06-06 20:04:20 -04:00
Tim Graham
088579638b
Fixed incorrect session.flush() in cached_db session backend.
...
This is a security fix; disclosure to follow shortly.
Thanks Sam Cooke for the report and draft patch.
2015-05-20 13:48:06 -04:00
Bo Lopker
2dee853ed4
Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN
2015-05-15 11:23:41 -04:00
Tim Graham
4e59156c10
Fixed sessions test on Python 3.5; refs #23763.
...
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02
2015-03-31 08:38:43 -04:00
Tim Graham
8a481498aa
Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions.
2015-03-12 08:19:54 -04:00
Tim Graham
fac3a34cbb
Moved contrib.sessions tests out of contrib.
2015-02-11 10:19:22 -05:00