[ http://issues.apache.org/jira/browse/MODPYTHON-191?page=all ]
Graham Dumpleton updated MODPYTHON-191:
---
Fix Version/s: 3.3
This will now be addressed as part of code changes for MODPYTHON-200.
> Tampering with signed cookies.
> --
[ http://issues.apache.org/jira/browse/MODPYTHON-191?page=all ]
Work on MODPYTHON-191 started by Graham Dumpleton.
> Tampering with signed cookies.
> --
>
> Key: MODPYTHON-191
> URL: http://issues.apache.org/jira/browse/MODPYTHON-19
[ http://issues.apache.org/jira/browse/MODPYTHON-191?page=all ]
Graham Dumpleton reassigned MODPYTHON-191:
--
Assignee: Graham Dumpleton
> Tampering with signed cookies.
> --
>
> Key: MODPYTHON-191
>
In mod_python, the session ID consists of 32 characters coming from the ranges
0-9 and a-f. At the moment the code will, if it detects invalid characters in
the SID or it is the wrong size, raise an HTTP_INTERNAL_SERVER_ERROR exception.
if self._sid:
    # Validate the sid *before* l