Commit fbe2eead authored by Russell Keith-Magee's avatar Russell Keith-Magee

[1.3.X] Corrected an issue which could allow attackers to manipulate session...

[1.3.X] Corrected an issue which could allow attackers to manipulate session data using the cache. A security announcement will be made shortly.

Backport of r16759 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16762 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 2f7fadc3
+6 −4
from django.contrib.sessions.backends.base import SessionBase, CreateError
from django.core.cache import cache

KEY_PREFIX = "django.contrib.sessions.cache"

class SessionStore(SessionBase):
    """
    A cache-based session store.
@@ -10,7 +12,7 @@ class SessionStore(SessionBase):
        super(SessionStore, self).__init__(session_key)

    def load(self):
        session_data = self._cache.get(self.session_key)
        session_data = self._cache.get(KEY_PREFIX + self.session_key)
        if session_data is not None:
            return session_data
        self.create()
@@ -37,13 +39,13 @@ class SessionStore(SessionBase):
            func = self._cache.add
        else:
            func = self._cache.set
        result = func(self.session_key, self._get_session(no_load=must_create),
        result = func(KEY_PREFIX + self.session_key, self._get_session(no_load=must_create),
                self.get_expiry_age())
        if must_create and not result:
            raise CreateError

    def exists(self, session_key):
        if self._cache.has_key(session_key):
        if self._cache.has_key(KEY_PREFIX + session_key):
            return True
        return False

@@ -52,5 +54,5 @@ class SessionStore(SessionBase):
            if self._session_key is None:
                return
            session_key = self._session_key
        self._cache.delete(session_key)
        self._cache.delete(KEY_PREFIX + session_key)
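Review bot: The new `KEY_PREFIX` constant has no comment saying why session keys are now namespaced, and that reasoning is the substance of this fix; a line such as `# Namespace session entries so that keys written to the shared cache by other code cannot alias a session's key.` above the constant would keep it from being "simplified" away later. The prefix is concatenated by hand in load, save, exists and delete, so a small helper on the class, `def _cache_key(self, session_key=None): return KEY_PREFIX + (session_key or self.session_key)`, would keep the four call sites from drifting apart and mirrors the `session_key or self.session_key` form the cached_db backend already uses. Since `exists` now only wraps one lookup, `return self._cache.has_key(KEY_PREFIX + session_key)` reads more directly than the if/return True/return False pair. The save hunk starts mid-method and the load and delete bodies continue outside their hunks.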
+9 −5
@@ -6,6 +6,8 @@ from django.conf import settings
from django.contrib.sessions.backends.db import SessionStore as DBStore
from django.core.cache import cache

KEY_PREFIX = "django.contrib.sessions.cached_db"

class SessionStore(DBStore):
    """
    Implements cached, database backed sessions.
@@ -15,10 +17,11 @@ class SessionStore(DBStore):
        super(SessionStore, self).__init__(session_key)

    def load(self):
        data = cache.get(self.session_key, None)
        data = cache.get(KEY_PREFIX + self.session_key, None)
        if data is None:
            data = super(SessionStore, self).load()
            cache.set(self.session_key, data, settings.SESSION_COOKIE_AGE)
            cache.set(KEY_PREFIX + self.session_key, data, 
                      settings.SESSION_COOKIE_AGE)
        return data

    def exists(self, session_key):
@@ -26,11 +29,12 @@ class SessionStore(DBStore):

    def save(self, must_create=False):
        super(SessionStore, self).save(must_create)
        cache.set(self.session_key, self._session, settings.SESSION_COOKIE_AGE)
        cache.set(KEY_PREFIX + self.session_key, self._session, 
                  settings.SESSION_COOKIE_AGE)

    def delete(self, session_key=None):
        super(SessionStore, self).delete(session_key)
        cache.delete(session_key or self.session_key)
        cache.delete(KEY_PREFIX + (session_key or self.session_key))

    def flush(self):
        """