diff options
| author | Adrian Holovaty <adrian@holovaty.com> | 2005-07-20 00:57:38 +0000 |
|---|---|---|
| committer | Adrian Holovaty <adrian@holovaty.com> | 2005-07-20 00:57:38 +0000 |
| commit | 526f6af782350bbc3913470a6736c0f7f44548d0 (patch) | |
| tree | b44cccedbefc7e180c7293340f97a66018a2cffe | |
| parent | d384870307a7612fe6eb340aeabcdc543b61390e (diff) | |
Changed models.auth.Session.get_session_from_cookie to raise SessionDoesNotExist instead of SuspiciousOperation if tamper check fails
git-svn-id: http://code.djangoproject.com/svn/django/trunk@234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/models/auth.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/django/models/auth.py b/django/models/auth.py index 9acb40f44f..ef0ffdf749 100644 --- a/django/models/auth.py +++ b/django/models/auth.py @@ -213,8 +213,7 @@ class Session(meta.Model): raise SessionDoesNotExist session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:] if md5.new(session_md5 + SECRET_KEY + 'auth').hexdigest() != tamper_check: - from django.core.exceptions import SuspiciousOperation - raise SuspiciousOperation, "User may have tampered with session cookie." + raise SessionDoesNotExist return get_object(session_md5__exact=session_md5, select_related=True) def _module_destroy_all_sessions(user_id): |
