#6941: Session key reuse creates minor security flaw.
----------------------------------------------+-----------------------------
Reporter: jb0t | Owner: nobody
Status: new | Milestone: 1.0
Component: django.contrib.sessions | Version: SVN
Resolution: | Keywords: session,
session key, duplicate
Stage: Accepted | Has_patch: 1
Needs_docs: 1 | Needs_tests: 1
Needs_better_patch: 0 |
----------------------------------------------+-----------------------------
Comment (by Itai Shirav <[EMAIL PROTECTED]>):
Please fix this! Whether or not it's a security flaw doesn't matter. It
can cause weird bugs that are very difficult to duplicate or understand.
For example, in my application I have filters that control what the user
wants to see. The selected filter is stored in the session. After
switching users, the application tries to use the first user's filter in
order to filter the second user's data - not good!
--
Ticket URL: <http://code.djangoproject.com/ticket/6941#comment:12>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
