
Commit f0c4077

committed
Don't expose session keys in views
1 parent 671b38c commit f0c4077


2 files changed

+1
-12
lines changed


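--- a/tests/tests.py
+++ b/tests/tests.py
@@ -88,8 +88,8 @@ def test_list(self):
 user_agent='Firefox')
 response = self.client.get(reverse('user_sessions:session_list'))
 self.assertContains(response, 'Active Sessions')
-self.assertContains(response, 'End Session', 3)
 self.assertContains(response, 'Firefox')
+self.assertNotContains(response, 'ABC123')
 
 def test_delete(self):
 session_key = self.client.cookies[settings.SESSION_COOKIE_NAME].value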
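Review bot: The added assertion pins the leak check to the literal `'ABC123'`, which is presumably the session_key of a fixture session created earlier in test_list (the start of the method is outside the hunk); if that fixture value is ever changed, the assertion keeps passing without guarding anything. Asserting on the value the fixture actually uses, or on the requesting client's own key as test_delete already reads it, `self.assertNotContains(response, self.client.cookies[settings.SESSION_COOKIE_NAME].value)`, ties the check to the data the view renders. The removed `assertContains(response, 'End Session', 3)` was also the only check on the per-row form markup; if dropping that form is intended, a `self.assertNotContains(response, 'End Session')` would record that the list no longer renders it.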

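--- a/user_sessions/templates/user_sessions/session_list.html
+++ b/user_sessions/templates/user_sessions/session_list.html
@@ -13,7 +13,6 @@ <h1>{% trans "Active Sessions" %}</h1>
 <th>{% trans "Location" %}</th>
 <th>{% trans "Device" %}</th>
 <th>{% trans "Last Activity" %}</th>
-<th>{% trans "End Session" %}</th>
 </tr>
 </thead>
 {% for object in object_list %}
@@ -27,16 +26,6 @@ <h1>{% trans "Active Sessions" %}</h1>
 {% blocktrans with time=object.last_activity|timesince %}{{ time }} ago{% endblocktrans %}
 {% endif %}
 </td>
-<td>
-<form method="post" action="{% url 'user_sessions:session_delete' object.pk %}">
-{% csrf_token %}
-{% if object.session_key == session_key %}
-<button type="submit" class="btn btn-xs btn-link">{% trans "End Session" %}</button>
-{% else %}
-<button type="submit" class="btn btn-xs btn-warning">{% trans "End Session" %}</button>
-{% endif %}
-</form>
-</td>
 </tr>
 {% endfor %}
 </table>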
