Skip to content
Browse files

Changed models.auth.Session.get_session_from_cookie to raise SessionD…

…oesNotExist instead of SuspiciousOperation if tamper check fails

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent d384870 commit 526f6af782350bbc3913470a6736c0f7f44548d0 @adrianholovaty adrianholovaty committed
Showing with 1 addition and 2 deletions.
  1. +1 −2 django/models/
3 django/models/
@@ -213,8 +213,7 @@ def _module_get_session_from_cookie(session_cookie_string):
raise SessionDoesNotExist
session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:]
if + SECRET_KEY + 'auth').hexdigest() != tamper_check:
- from django.core.exceptions import SuspiciousOperation
- raise SuspiciousOperation, "User may have tampered with session cookie."
+ raise SessionDoesNotExist
return get_object(session_md5__exact=session_md5, select_related=True)
def _module_destroy_all_sessions(user_id):

0 comments on commit 526f6af

Please sign in to comment.
Something went wrong with that request. Please try again.