Code

Ticket #11729: session_key_entropy.patch

File session_key_entropy.patch, 645 bytes (added by rfk, 5 years ago)
  • django/contrib/sessions/backends/base.py

    diff --git a/django/contrib/sessions/backends/base.py b/django/contrib/sessions/backends/base.py
    index b4cdead..6428705 100644
    a b class SessionBase(object): 
    138138            # No getpid() in Jython, for example 
    139139            pid = 1 
    140140        while 1: 
    141             session_key = md5_constructor("%s%s%s%s" 
     141            session_key = md5_constructor("%s%s%.20f%s" 
    142142                    % (randrange(0, MAX_SESSION_KEY), pid, time.time(), 
    143143                       settings.SECRET_KEY)).hexdigest() 
    144144            if not self.exists(session_key):