Merge branch 'hotfix-session' into 'master'

Fix: Sessions were shared between clients

See merge request s3lph/matemat!69

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Matemat Changelog
 
+<!-- BEGIN RELEASE v0.2.2 -->
+## Version 0.2.1
+
+Security fix release
+
+### Changes
+
+<!-- BEGIN CHANGES 0.2.2 -->
+- Fix: Sessions were shared between clients
+<!-- END CHANGES 0.2.2 -->
+
+<!-- END RELEASE v0.2.2 -->
+
 <!-- BEGIN RELEASE v0.2.1 -->
 ## Version 0.2.1
 

matemat/__init__.py

@@ -1,2 +1,2 @@
 
-__version__ = '0.2.1'
+__version__ = '0.2.2'

matemat/webserver/session/sessions.py

@@ -23,10 +23,12 @@ def start() -> str:
     # Reference date for session timeout
     now = datetime.utcnow()
     # Read the client's session ID, if any
-    session_id = str(request.get_cookie(_COOKIE_NAME, secret=__key))
+    session_id = request.get_cookie(_COOKIE_NAME, secret=__key)
     # If there is no active session, create a new session ID
     if session_id is None:
         session_id = str(uuid4())
+    else:
+        session_id = str(session_id)
 
     # Check for session timeout
     if session_id in __session_vars and __session_vars[session_id][0] < now:

package/archlinux/PKGBUILD

@@ -2,7 +2,7 @@
 # Maintainer: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
 
 pkgname=matemat
-pkgver=0.2.1
+pkgver=0.2.2
 pkgrel=1
 arch=('any')
 

package/debian/matemat/DEBIAN/control

@@ -1,5 +1,5 @@
 Package: matemat
-Version: 0.2.1
+Version: 0.2.2
 Maintainer: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
 Section: web
 Priority: optional