1
0
Fork 0
forked from s3lph/matemat

fix: session id shared between all sessions

fix: minor css fixes
This commit is contained in:
s3lph 2024-12-07 16:30:28 +01:00
parent 67e2a813d5
commit 745843e07d
Signed by untrusted user: s3lph
GPG key ID: 0AA29A52FB33CFB5
5 changed files with 27 additions and 7 deletions

View file

@ -1,5 +1,19 @@
# Matemat Changelog
<!-- BEGIN RELEASE v0.4.1 -->
## Version 0.4.1
Security Fix & minor UI fixes
### Changes
<!-- BEGIN CHANGES 0.4.1 -->
- fix: session id shared between all sessions
- fix: minor css fixes
<!-- END CHANGES 0.4.1 -->
<!-- END RELEASE v0.4.1 -->
<!-- BEGIN RELEASE v0.4.0 -->
## Version 0.4.0

View file

@ -1,2 +1,2 @@
__version__ = '0.4.0'
__version__ = '0.4.1'

View file

@ -20,9 +20,9 @@ def start() -> str:
:return: The session ID.
"""
if hasattr(response, 'session_id'):
if 'session_id' in request.environ:
# A session has already been created while handling the same request
return response.session_id
return request.environ['session_id']
# Reference date for session timeout
now = datetime.now(UTC)
# Read the client's session ID, if any
@ -46,9 +46,9 @@ def start() -> str:
(now + timedelta(seconds=_SESSION_TIMEOUT), __session_vars[session_id][1])
# Return the session ID and timeout
response.set_cookie(_COOKIE_NAME, session_id, secret=__key)
# Piggy-back the session id onto the response object so that we don't create another session
# Piggy-back the session id onto the request object so that we don't create another session
# in subsequent calls to start() while handling the same request.
response.session_id = session_id
request.environ['session_id'] = session_id
return session_id

View file

@ -233,3 +233,9 @@
.card-img-overlay span {
padding: .5em;
}
.card-header {
overflow: hidden;
white-space: nowrap;
text-overflow: ellipsis;
}

View file

@ -8,10 +8,10 @@
<p>
Your balance: <strong>{{ authuser.balance|chf }}</strong>
</p>
<p id="depositlist">
<div id="depositlist">
<a class="btn btn-primary me-2" href="/deposit?n=100">Deposit CHF 1</a>
<a class="btn btn-primary me-2" href="/deposit?n=1000">Deposit CHF 10</a>
</p>
</div>
<div id="deposit-wrapper">
<div id="deposit-input">
<div id="deposit-output">