Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Changed models.auth.Session.get_session_from_cookie to raise SessionD…

…oesNotExist instead of SuspiciousOperation if tamper check fails

git-svn-id: http://code.djangoproject.com/svn/django/trunk@234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 526f6af782350bbc3913470a6736c0f7f44548d0 1 parent d384870
@adrianholovaty adrianholovaty authored
Showing with 1 addition and 2 deletions.
  1. +1 −2  django/models/auth.py
View
3  django/models/auth.py
@@ -213,8 +213,7 @@ def _module_get_session_from_cookie(session_cookie_string):
raise SessionDoesNotExist
session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:]
if md5.new(session_md5 + SECRET_KEY + 'auth').hexdigest() != tamper_check:
- from django.core.exceptions import SuspiciousOperation
- raise SuspiciousOperation, "User may have tampered with session cookie."
+ raise SessionDoesNotExist
return get_object(session_md5__exact=session_md5, select_related=True)
def _module_destroy_all_sessions(user_id):
Please sign in to comment.
Something went wrong with that request. Please try again.