
Delete invalid session cookies

1 parent fde3f0f commit 42a71250649329bab16c7207d3022159f1e4b26f @cnorthwood cnorthwood committed
Showing with 6 additions and 3 deletions.
  1. +6 −3 molly/auth/middleware.py
9 molly/auth/middleware.py
@@ -57,11 +57,14 @@ def process_view(self, request, view_func, view_args, view_kwargs):
secure_view = isinstance(view_func, SecureView)
# If the non-secure session is marked secure, refuse the request.
- # Likewise, if the secure session isn't marked secure, refuse the request.
- if request.session.get('is_secure'):
+ # Likewise, if the secure session isn't marked secure, refuse the
+ # request and delete the cookie.
+ if request.session.get('is_secure'):
return HttpResponseForbidden('Invalid session_id', mimetype='text/plain')
if request.secure_session and not request.secure_session.get('is_secure'):
- return HttpResponseForbidden('Invalid secure_session_id', mimetype='text/plain')
+ resp = HttpResponseForbidden('Invalid secure_session_id', mimetype='text/plain')
+ resp.delete_cookie('secure_session_id')
+ return resp
if secure_view and not secure_request:
uri = request.build_absolute_uri().split(':', 1)
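Review bot: `resp.delete_cookie('secure_session_id')` is called with Django's default path and no domain, so the browser only drops the cookie if it was originally set with those same attributes. The code that sets the cookie is outside this hunk, so confirm they match, or pass the same `path` and `domain` values that code uses. The first branch (`if request.session.get('is_secure'):`) still returns its 403 without clearing a cookie, so a client holding that session cookie will keep being refused on every request; if that is intentional, the comment above it should say so. Both refusals would also benefit from a log line, since a session cookie of one kind pointing at a session of the other kind is not something a normal client produces. `process_view` begins and continues outside the hunk.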
