Re: Silently replaced session_key

2010-05-05 Thread George Sakkis
On May 5, 10:20 pm, Jeremy Dunck wrote:
> On Wed, May 5, 2010 at 2:45 PM, George Sakkis wrote:
> > ...
>
> > I'm repeating myself here but if the intention is to really disallow
> > user-provided ids. it can be done more clearly: raise an exception if
> > the key does not exist and make the sessi

Re: Silently replaced session_key

2010-05-05 Thread Ulrich Petri
On 05.05.2010 at 21:45, George Sakkis wrote:

I'm repeating myself here but if the intention is to really disallow user-provided ids. it can be done more clearly: raise an exception if the key does not exist and make the session_key property read-only. Now it seems like a bug that you can sort

Re: Silently replaced session_key

2010-05-05 Thread Matthew Roy
How so? An exception here will be caught by the app or become a 500. That's better than possibly using a chosen session key due to miscoding.

Matthew

On May 5, 2010 4:20 PM, "Jeremy Dunck" wrote:

On Wed, May 5, 2010 at 2:45 PM, George Sakkis wrote:
...
> I'm repeating myself here but if the i

Re: Silently replaced session_key

2010-05-05 Thread Jeremy Dunck
On Wed, May 5, 2010 at 2:45 PM, George Sakkis wrote:
...
> I'm repeating myself here but if the intention is to really disallow
> user-provided ids. it can be done more clearly: raise an exception if
> the key does not exist and make the session_key property read-only.
> Now it seems like a bug th

Re: Silently replaced session_key

2010-05-05 Thread George Sakkis
On May 5, 12:25 pm, Tom Evans wrote:
> On Wed, May 5, 2010 at 10:24 AM, George Sakkis
> wrote:
> > On May 4, 11:05 pm, Jacob Kaplan-Moss wrote:
>
> >> On Tue, May 4, 2010 at 3:11 PM, George Sakkis
> >> wrote:
> >> > Is this a bug or a feature ?
>
> >> Take a look at the source (django/contrib

Re: Silently replaced session_key

2010-05-05 Thread Tom Evans
On Wed, May 5, 2010 at 10:24 AM, George Sakkis wrote:
> On May 4, 11:05 pm, Jacob Kaplan-Moss wrote:
>
>> On Tue, May 4, 2010 at 3:11 PM, George Sakkis
>> wrote:
>> > Is this a bug or a feature ?
>>
>> Take a look at the source (django/contrib/sessions/backends/db.py;
>> line 16 - the load() fu

Re: Silently replaced session_key

2010-05-05 Thread George Sakkis
On May 4, 11:05 pm, Jacob Kaplan-Moss wrote:
> On Tue, May 4, 2010 at 3:11 PM, George Sakkis wrote:
> > Is this a bug or a feature ?
>
> Take a look at the source (django/contrib/sessions/backends/db.py;
> line 16 - the load() function). If the session key doesn't exist in
> the database, a new

Re: Silently replaced session_key

2010-05-04 Thread Jacob Kaplan-Moss
On Tue, May 4, 2010 at 3:11 PM, George Sakkis wrote:
> Is this a bug or a feature ?

Take a look at the source (django/contrib/sessions/backends/db.py; line 16 - the load() function). If the session key doesn't exist in the database, a new session key will be generated. This prevents users from be

Silently replaced session_key

2010-05-04 Thread George Sakkis
Is this a bug or a feature ?

>>> from django.contrib.sessions.backends.db import SessionStore
>>> s = SessionStore(session_key='secret!!!11')
>>> s.session_key
'secret!!!1!1'
>>> 'foo' in s
False
>>> s.session_key
'7f9aa956cb169b1f89a3a5b384cafc1b'

George