#4531: SessionId collision - session takeover by accident
--------------------------------------------+-------------------------------
Reporter: Frank Tegtmeyer <[EMAIL PROTECTED]> | Owner:
adrian
Status: new | Component: Contrib
apps
Version: SVN | Resolution:
Keywords: sessionid session patch | Stage: Accepted
Has_patch: 1 | Needs_docs: 0
Needs_tests: 0 | Needs_better_patch: 1
--------------------------------------------+-------------------------------
Changes (by mtredinnick):
* needs_better_patch: 0 => 1
* summary: [patch] SessionId collision - session takeover by accident =>
SessionId collision - session takeover by
accident
* stage: Unreviewed => Accepted
Comment:
The {{{os.getpid()}}} change in the patch reduces randomness (the range of
pid values is smaller than the range 0 - maxint, plus pid will be the same
for processes in multi-threaded servers on some systems), so that part
should go out. Adding time.time() seems like a good idea; it's similar to
how we fixed another clash when the pseudo-random seeding was too close
together.
--
Ticket URL: <http://code.djangoproject.com/ticket/4531#comment:2>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
