Merge branch 'hotfix-session' into 'master'

Fix: Sessions were shared between clients

See merge request s3lph/matemat!69
This commit is contained in:
s3lph 2020-02-04 17:43:27 +00:00
commit dddd9c75be
5 changed files with 19 additions and 4 deletions

View file

@ -1,5 +1,18 @@
# Matemat Changelog
<!-- BEGIN RELEASE v0.2.2 -->
## Version 0.2.1
Security fix release
### Changes
<!-- BEGIN CHANGES 0.2.2 -->
- Fix: Sessions were shared between clients
<!-- END CHANGES 0.2.2 -->
<!-- END RELEASE v0.2.2 -->
<!-- BEGIN RELEASE v0.2.1 -->
## Version 0.2.1

View file

@ -1,2 +1,2 @@
__version__ = '0.2.1'
__version__ = '0.2.2'

View file

@ -23,10 +23,12 @@ def start() -> str:
# Reference date for session timeout
now = datetime.utcnow()
# Read the client's session ID, if any
session_id = str(request.get_cookie(_COOKIE_NAME, secret=__key))
session_id = request.get_cookie(_COOKIE_NAME, secret=__key)
# If there is no active session, create a new session ID
if session_id is None:
session_id = str(uuid4())
else:
session_id = str(session_id)
# Check for session timeout
if session_id in __session_vars and __session_vars[session_id][0] < now:

View file

@ -2,7 +2,7 @@
# Maintainer: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
pkgname=matemat
pkgver=0.2.1
pkgver=0.2.2
pkgrel=1
arch=('any')

View file

@ -1,5 +1,5 @@
Package: matemat
Version: 0.2.1
Version: 0.2.2
Maintainer: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
Section: web
Priority: optional