Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Changed models.auth.Session.get_session_from_cookie to raise SessionD…

…oesNotExist instead of SuspiciousOperation if tamper check fails

git-svn-id: http://code.djangoproject.com/svn/django/trunk@234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 526f6af782350bbc3913470a6736c0f7f44548d0 1 parent d384870
Adrian Holovaty authored

Showing 1 changed file with 1 addition and 2 deletions. Show diff stats Hide diff stats

  1. 3  django/models/auth.py
3  django/models/auth.py
@@ -213,8 +213,7 @@ def _module_get_session_from_cookie(session_cookie_string):
213 213
             raise SessionDoesNotExist
214 214
         session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:]
215 215
         if md5.new(session_md5 + SECRET_KEY + 'auth').hexdigest() != tamper_check:
216  
-            from django.core.exceptions import SuspiciousOperation
217  
-            raise SuspiciousOperation, "User may have tampered with session cookie."
  216
+            raise SessionDoesNotExist
218 217
         return get_object(session_md5__exact=session_md5, select_related=True)
219 218
 
220 219
     def _module_destroy_all_sessions(user_id):

0 notes on commit 526f6af

Please sign in to comment.
Something went wrong with that request. Please try again.