[1.8.x] Fixed incorrect session.flush() in cached_db session backend.

This is a security fix; disclosure to follow shortly. Thanks Sam Cooke for the report and draft patch.
2025-10-30 00:56:09 +00:00 · 2015-05-11 09:58:43 -04:00
parent 2b2a2157d0
commit 31cb25adec
3 changed files with 19 additions and 2 deletions
--- a/django/contrib/sessions/backends/cached_db.py
+++ b/django/contrib/sessions/backends/cached_db.py
@@ -79,7 +79,7 @@ class SessionStore(DBStore):
        """
        self.clear()
        self.delete(self.session_key)
-        self._session_key = ''
+        self._session_key = None

 # At bottom to avoid circular import
 from django.contrib.sessions.models import Session  # isort:skip