#24915: Stricter validation on session key
-------------------------------------+-------------------------------------
Reporter: erikr | Owner: sp1ky
Type: | Status: closed
Cleanup/optimization |
Component: contrib.sessions | Version: 1.8
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham <timograham@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"f4416b1a8b92e492707a6261b7a1132f8550457f" f4416b1]:
{{{
#!CommitTicketReference repository=""
revision="f4416b1a8b92e492707a6261b7a1132f8550457f"
Fixed #24915 -- Added stricter session key validation
Changed _session_key attribute to a property and implemented basic
validation in the setter. The session key must be 'truthy' and
at least 8 characters long. Otherwise, the value is set to None.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/24915#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/063.c3c190fdbffee104e70d0bd456bb6981%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
