Skip to content

Commit

Permalink
Fix session id length implementation
Browse files Browse the repository at this point in the history
  • Loading branch information
Lxstr committed Jan 8, 2024
1 parent c29d903 commit a10180e
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/flask_session/sessions.py
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,8 @@ class SqlAlchemySession(ServerSideSession):

class SessionInterface(FlaskSessionInterface):

def _generate_sid(self, app):
return secrets.token_urlsafe(app.config["SESSION_ID_LENGTH"])
def _generate_sid(self, session_id_length):
return secrets.token_urlsafe(session_id_length)

def __get_signer(self, app):
if not hasattr(app, "secret_key") or not app.secret_key:
Expand Down Expand Up @@ -118,13 +118,13 @@ def set_cookie_to_response(self, app, session, response, expires):
def open_session(self, app, request):
sid = request.cookies.get(app.config["SESSION_COOKIE_NAME"])
if not sid:
sid = self._generate_sid(app)
sid = self._generate_sid(app.config["SESSION_ID_LENGTH"])
return self.session_class(sid=sid, permanent=self.permanent)
if self.use_signer:
try:
sid = self._unsign(app, sid)
except BadSignature:
sid = self._generate_sid(app)
sid = self._generate_sid(app.config["SESSION_ID_LENGTH"])
return self.session_class(sid=sid, permanent=self.permanent)
return self.fetch_session_sid(sid)

Expand Down

0 comments on commit a10180e

Please sign in to comment.