mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-25 06:36:07 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #4531 -- Added a bit more randomness to session idents. Thanks, Frank

Browse Source 
Tegtmeyer.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick
2007-06-15 00:22:16 +00:00
parent 88632cd7f9
commit 4a61c2f912
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
django/contrib/sessions/models.py
View File

@@ -1,4 +1,4 @@
import base64, md5, random, sys, datetime
import base64, md5, random, sys, datetime, os, time
import cPickle as pickle
from django.db import models
from django.utils.translation import gettext_lazy as _
@@ -14,9 +14,9 @@ class SessionManager(models.Manager):
def get_new_session_key(self):
"Returns session key that isn't being used."
# The random module is seeded when this Apache child is created.
# Use person_id and SECRET_KEY as added salt.
# Use SECRET_KEY as added salt.
while 1:
session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + settings.SECRET_KEY).hexdigest()
session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1), os.getpid(), time.time(), settings.SECRET_KEY)).hexdigest()
try:
self.get(session_key=session_key)
except self.model.DoesNotExist: