From 5cee6e1d22d3e91c9c531ef1705bb4674a6ca28f Mon Sep 17 00:00:00 2001
From: s3lph
Date: Tue, 4 Feb 2020 18:39:28 +0100
Subject: [PATCH] Fix: Sessions were shared between clients
---
 CHANGELOG.md | 13 +++++++++++++
 matemat/__init__.py | 2 +-
 matemat/webserver/session/sessions.py | 4 +++-
 package/archlinux/PKGBUILD | 2 +-
 package/debian/matemat/DEBIAN/control | 2 +-
 5 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 20873ea..53a9c59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Matemat Changelog
+
+## Version 0.2.1
+
+Security fix release
+
+### Changes
+
+
+- Fix: Sessions were shared between clients
+
+
+
+
 ## Version 0.2.1
diff --git a/matemat/__init__.py b/matemat/__init__.py
index 34395d3..954cb1c 100644
--- a/matemat/__init__.py
+++ b/matemat/__init__.py
@@ -1,2 +1,2 @@
-__version__ = '0.2.1'
+__version__ = '0.2.2'
diff --git a/matemat/webserver/session/sessions.py b/matemat/webserver/session/sessions.py
index 55f0549..6b5aad3 100644
--- a/matemat/webserver/session/sessions.py
+++ b/matemat/webserver/session/sessions.py
@@ -23,10 +23,12 @@ def start() -> str:
 # Reference date for session timeout
 now = datetime.utcnow()
 # Read the client's session ID, if any
- session_id = str(request.get_cookie(_COOKIE_NAME, secret=__key))
+ session_id = request.get_cookie(_COOKIE_NAME, secret=__key)
 # If there is no active session, create a new session ID
 if session_id is None:
 session_id = str(uuid4())
+ else:
+ session_id = str(session_id)
 # Check for session timeout
 if session_id in __session_vars and __session_vars[session_id][0] < now:
diff --git a/package/archlinux/PKGBUILD b/package/archlinux/PKGBUILD
index 72723b0..18e7dc5 100644
--- a/package/archlinux/PKGBUILD
+++ b/package/archlinux/PKGBUILD
@@ -2,7 +2,7 @@
 # Maintainer: s3lph
 pkgname=matemat
-pkgver=0.2.1
+pkgver=0.2.2
 pkgrel=1
 arch=('any')
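Review bot: In the `sessions.py` hunk the new `else` branch accepts any validly signed cookie value unchanged, so a cookie issued before this fix that still carries the literal string `None` would keep mapping every browser holding it to one shared session ID. Whether that can happen depends on code outside the hunk: it is harmless if `__key` is regenerated on each start, but if the key persists and the rest of `start()` creates an entry for an unknown ID, the sharing continues for those clients. Consider reusing only IDs the server currently knows, e.g. `if session_id is None or str(session_id) not in __session_vars:` followed by `session_id = str(uuid4())`. The commit also adds no regression test; one asserting that two cookieless requests receive different session IDs would pin this security fix. The body of `start()` continues past the end of the hunk.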
diff --git a/package/debian/matemat/DEBIAN/control b/package/debian/matemat/DEBIAN/control
index da86517..eb52b4c 100644
--- a/package/debian/matemat/DEBIAN/control
+++ b/package/debian/matemat/DEBIAN/control
@@ -1,5 +1,5 @@
 Package: matemat
-Version: 0.2.1
+Version: 0.2.2
 Maintainer: s3lph
 Section: web
 Priority: optional