Fix: Sessions were shared between clients

2020-02-04 18:39:28 +01:00 · 2020-02-04 18:39:28 +01:00 · 5cee6e1d22
commit 5cee6e1d22
parent 0dc685ac81
5 changed files with 19 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,18 @@
 # Matemat Changelog

+<!-- BEGIN RELEASE v0.2.2 -->
+## Version 0.2.1
+
+Security fix release
+
+### Changes
+
+<!-- BEGIN CHANGES 0.2.2 -->
+- Fix: Sessions were shared between clients
+<!-- END CHANGES 0.2.2 -->
+
+<!-- END RELEASE v0.2.2 -->
+
 <!-- BEGIN RELEASE v0.2.1 -->
 ## Version 0.2.1

--- a/matemat/init.py
+++ b/matemat/init.py
@ -1,2 +1,2 @@

-__version__ = '0.2.1'
+__version__ = '0.2.2'
--- a/matemat/webserver/session/sessions.py
+++ b/matemat/webserver/session/sessions.py
@ -23,10 +23,12 @@ def start() -> str:
    # Reference date for session timeout
    now = datetime.utcnow()
    # Read the client's session ID, if any
-    session_id = str(request.get_cookie(_COOKIE_NAME, secret=__key))
+    session_id = request.get_cookie(_COOKIE_NAME, secret=__key)
    # If there is no active session, create a new session ID
    if session_id is None:
        session_id = str(uuid4())
+    else:
+        session_id = str(session_id)

    # Check for session timeout
    if session_id in __session_vars and __session_vars[session_id][0] < now:
--- a/package/archlinux/PKGBUILD
+++ b/package/archlinux/PKGBUILD
@ -2,7 +2,7 @@
 # Maintainer: s3lph <account-gitlab-ideynizv@kernelpanic.lol>

 pkgname=matemat
-pkgver=0.2.1
+pkgver=0.2.2
 pkgrel=1
 arch=('any')

--- a/package/debian/matemat/DEBIAN/control
+++ b/package/debian/matemat/DEBIAN/control
@ -1,5 +1,5 @@
 Package: matemat
-Version: 0.2.1
+Version: 0.2.2
 Maintainer: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
 Section: web
 Priority: optional