summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdrian Holovaty <adrian@holovaty.com>2005-07-20 00:57:38 +0000
committerAdrian Holovaty <adrian@holovaty.com>2005-07-20 00:57:38 +0000
commit526f6af782350bbc3913470a6736c0f7f44548d0 (patch)
treeb44cccedbefc7e180c7293340f97a66018a2cffe
parentd384870307a7612fe6eb340aeabcdc543b61390e (diff)
Changed models.auth.Session.get_session_from_cookie to raise SessionDoesNotExist instead of SuspiciousOperation if tamper check fails
git-svn-id: http://code.djangoproject.com/svn/django/trunk@234 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/models/auth.py3
1 files changed, 1 insertions, 2 deletions
diff --git a/django/models/auth.py b/django/models/auth.py
index 9acb40f44f..ef0ffdf749 100644
--- a/django/models/auth.py
+++ b/django/models/auth.py
@@ -213,8 +213,7 @@ class Session(meta.Model):
raise SessionDoesNotExist
session_md5, tamper_check = session_cookie_string[:32], session_cookie_string[32:]
if md5.new(session_md5 + SECRET_KEY + 'auth').hexdigest() != tamper_check:
- from django.core.exceptions import SuspiciousOperation
- raise SuspiciousOperation, "User may have tampered with session cookie."
+ raise SessionDoesNotExist
return get_object(session_md5__exact=session_md5, select_related=True)
def _module_destroy_all_sessions(user_id):