Changed models.auth.Session.get_session_from_cookie to raise SessionD…

…oesNotExist instead of SuspiciousOperation if tamper check fails git-svn-id: http://code.djangoproject.com/svn/django/trunk@234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
django · Jul 20, 2005 · 526f6af · 526f6af
1 parent d384870
commit 526f6af
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/django/models/auth.py b/django/models/auth.py
@@ -213,8 +213,7 @@ def _module_get_session_from_cookie(session_cookie_string):
             raise SessionDoesNotExist
         session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:]
         if md5.new(session_md5 + SECRET_KEY + 'auth').hexdigest() != tamper_check:
-            from django.core.exceptions import SuspiciousOperation
+            raise SessionDoesNotExist
-            raise SuspiciousOperation, "User may have tampered with session cookie."
         return get_object(session_md5__exact=session_md5, select_related=True)
 
     def _module_destroy_all_sessions(user_id):