mirror of
				https://github.com/django/django.git
				synced 2025-10-25 06:36:07 +00:00 
			
		
		
		
	Fixed #4531 -- Added a bit more randomness to session idents. Thanks, Frank
Tegtmeyer. git-svn-id: http://code.djangoproject.com/svn/django/trunk@5470 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		
							
								
								
									
										1
									
								
								AUTHORS
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								AUTHORS
									
									
									
									
									
								
							| @@ -221,6 +221,7 @@ answer newbie questions, and generally made Django that much better: | |||||||
|     Aaron Swartz <http://www.aaronsw.com/> |     Aaron Swartz <http://www.aaronsw.com/> | ||||||
|     Ville Säävuori <http://www.unessa.net/> |     Ville Säävuori <http://www.unessa.net/> | ||||||
|     Tyson Tate <tyson@fallingbullets.com> |     Tyson Tate <tyson@fallingbullets.com> | ||||||
|  |     Frank Tegtmeyer <fte@fte.to> | ||||||
|     thebjorn <bp@datakortet.no> |     thebjorn <bp@datakortet.no> | ||||||
|     Zach Thompson <zthompson47@gmail.com> |     Zach Thompson <zthompson47@gmail.com> | ||||||
|     Tom Tobin |     Tom Tobin | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| import base64, md5, random, sys, datetime | import base64, md5, random, sys, datetime, os, time | ||||||
| import cPickle as pickle | import cPickle as pickle | ||||||
| from django.db import models | from django.db import models | ||||||
| from django.utils.translation import gettext_lazy as _ | from django.utils.translation import gettext_lazy as _ | ||||||
| @@ -14,9 +14,9 @@ class SessionManager(models.Manager): | |||||||
|     def get_new_session_key(self): |     def get_new_session_key(self): | ||||||
|         "Returns session key that isn't being used." |         "Returns session key that isn't being used." | ||||||
|         # The random module is seeded when this Apache child is created. |         # The random module is seeded when this Apache child is created. | ||||||
|         # Use person_id and SECRET_KEY as added salt. |         # Use SECRET_KEY as added salt. | ||||||
|         while 1: |         while 1: | ||||||
|             session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + str(random.randint(0, sys.maxint - 1)) + settings.SECRET_KEY).hexdigest() |             session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1), os.getpid(), time.time(), settings.SECRET_KEY)).hexdigest() | ||||||
|             try: |             try: | ||||||
|                 self.get(session_key=session_key) |                 self.get(session_key=session_key) | ||||||
|             except self.model.DoesNotExist: |             except self.model.DoesNotExist: | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user