#25489: SESSION_SAVE_EVERY_REQUEST Appears to have broke in 1.8.4
----------------------------------+--------------------------------------
Reporter: thornomad | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.sessions | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------------------------
Changes (by timgraham):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
This is due to the security fix in
8cc41ce7a7a8f6bebfdd89d5ab276cd0109f4fc5. Do you really require the
creation of empty sessions (and do you accept the DoS possibilities that
it entails)? We should at least update the documentation to better clarify
the expected behavior.
--
Ticket URL: <https://code.djangoproject.com/ticket/25489#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.22f143dcf4353a0ddfc8aa2ae31fe2da%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
