1
0
mirror of https://github.com/django/django.git synced 2024-11-18 07:26:04 +00:00
Commit Graph

7 Commits

Author SHA1 Message Date
Carl Meyer
df049ed77a Fixed #19324 -- Avoided creating a session record when loading the session.
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
David Bannon
f4416b1a8b Fixed #24915 -- Added stricter session key validation
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
2015-06-06 20:04:20 -04:00
Tim Graham
088579638b Fixed incorrect session.flush() in cached_db session backend.
This is a security fix; disclosure to follow shortly.

Thanks Sam Cooke for the report and draft patch.
2015-05-20 13:48:06 -04:00
Bo Lopker
2dee853ed4 Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN 2015-05-15 11:23:41 -04:00
Tim Graham
4e59156c10 Fixed sessions test on Python 3.5; refs #23763.
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02
2015-03-31 08:38:43 -04:00
Tim Graham
8a481498aa Fixed #24468 -- Made signed cookies cache backend resilient to unpickling exceptions. 2015-03-12 08:19:54 -04:00
Tim Graham
fac3a34cbb Moved contrib.sessions tests out of contrib. 2015-02-11 10:19:22 -05:00