Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Changed models.auth.Session.get_session_from_cookie to raise SessionD…

…oesNotExist instead of SuspiciousOperation if tamper check fails

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 526f6af782350bbc3913470a6736c0f7f44548d0 1 parent d384870
Adrian Holovaty adrianholovaty authored
Showing with 1 addition and 2 deletions.
  1. +1 −2  django/models/
3  django/models/
@@ -213,8 +213,7 @@ def _module_get_session_from_cookie(session_cookie_string):
raise SessionDoesNotExist
session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:]
if + SECRET_KEY + 'auth').hexdigest() != tamper_check:
- from django.core.exceptions import SuspiciousOperation
- raise SuspiciousOperation, "User may have tampered with session cookie."
+ raise SessionDoesNotExist
return get_object(session_md5__exact=session_md5, select_related=True)
def _module_destroy_all_sessions(user_id):
Please sign in to comment.
Something went wrong with that request. Please try again.