mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity
20,440 Commits 30 Branches 460 Tags
6acf0df86255ef4d2097f24cbfa39fdb44de19e3
Commit Graph

6 Commits

Author SHA1 Message Date
Tim Graham
2eb86b01d7 [1.8.x] Fixed DoS possiblity in contrib.auth.views.logout() 
Thanks Florian Apolloner and Carl Meyer for review.

This is a security fix.
 2015-08-18 08:15:15 -04:00
Carl Meyer
66d12d1aba [1.8.x] Fixed #19324 -- Avoided creating a session record when loading the session. 
The session record is now only created if/when the session is modified. This
prevents a potential DoS via creation of many empty session records.

This is a security fix; disclosure to follow shortly.
 2015-07-08 15:23:18 -04:00
Tim Graham
31cb25adec [1.8.x] Fixed incorrect session.flush() in cached_db session backend. 
This is a security fix; disclosure to follow shortly.

Thanks Sam Cooke for the report and draft patch.
 2015-05-20 13:49:07 -04:00
Bo Lopker
3c659856eb [1.8.x] Fixed #24799 -- Fixed session cookie deletion when using SESSION_COOKIE_DOMAIN 
Backport of 2dee853ed4 from master
 2015-05-15 11:24:18 -04:00
Tim Graham
7b9f7b6670 [1.8.x] Fixed sessions test on Python 3.5; refs #23763. 
SimpleCookie.__repr__() changed in
https://hg.python.org/cpython/rev/88e1151e8e02

Backport of 4e59156c10 from master
 2015-03-31 08:41:31 -04:00
Tim Graham
10fdd2fc1d [1.8.x] Moved contrib.sessions tests out of contrib. 
Backport of fac3a34cbb from master
 2015-02-11 11:54:51 -05:00