Fixed #4531 -- Added a bit more randomness to session idents. Thanks, Frank Tegtmeyer.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 4a61c2f9120fcf8effe5bf6d049f776d9f5a92a3 1 parent 88632cd
Malcolm Tredinnick authored June 15, 2007
1  AUTHORS
@@ -221,6 +221,7 @@ answer newbie questions, and generally made Django that much better:
221 221
     Aaron Swartz <http://www.aaronsw.com/>
222 222
     Ville Säävuori <http://www.unessa.net/>
223 223
     Tyson Tate <tyson@fallingbullets.com>
  224
+    Frank Tegtmeyer <fte@fte.to>
224 225
     thebjorn <bp@datakortet.no>
225 226
     Zach Thompson <zthompson47@gmail.com>
226 227
     Tom Tobin
6  django/contrib/sessions/models.py
... ...
@@ -1,4 +1,4 @@
1  
-import base64, md5, random, sys, datetime
  1
+import base64, md5, random, sys, datetime, os, time
2 2
 import cPickle as pickle
3 3
 from django.db import models
4 4
 from django.utils.translation import gettext_lazy as _
@@ -14,9 +14,9 @@ def encode(self, session_dict):
14 14
     def get_new_session_key(self):
15 15
         "Returns session key that isn't being used."
16 16
         # The random module is seeded when this Apache child is created.
17  
-        # Use person_id and SECRET_KEY as added salt.
  17
+        # Use SECRET_KEY as added salt.
18 18
         while 1:
19  
-            session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + settings.SECRET_KEY).hexdigest()
  19
+            session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1), os.getpid(), time.time(), settings.SECRET_KEY)).hexdigest()
20 20
             try:
21 21
                 self.get(session_key=session_key)
22 22
             except self.model.DoesNotExist:
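Review bot: On the new `session_key = md5.new(...)` line, `os.getpid()` and `time.time()` are values an outside party can narrow down (a small PID range, a timestamp close to the response time), so the unpredictability of the key still rests on a single `random.randint` output from a generator that, per the comment above it, is seeded once per Apache child, plus `SECRET_KEY`. Since `os` is now imported, consider drawing the random component from `os.urandom` (or `random.SystemRandom`) where the platform provides it, and keep the PID and timestamp only as collision-avoidance inputs across children. The change also drops one of the two `randint` calls, so less generator output is mixed in than before; keeping both would cost nothing. The updated comment "Use SECRET_KEY as added salt." no longer describes the whole input and could say what the PID and timestamp are there for.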
