id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 1180 Django session key generation flawed wojtek@… Malcolm Tredinnick "{{{ session_key = md5.new(str(random.randint(0, sys.maxint - 1)) + SECRET_KEY).hexdigest() }}} this is used throughout django and it often generates duplicate keys, today i spent 5 hours trying to find out what was causing my site to break and it was this (since I used this algorithm in another context without checking if a session with given key already exists). i propose the following: {{{ session_key = md5.new( str(random.randint(0, sys.maxint - 1)) + ""#"" + str(random.randint(0, sys.maxint - 1)) + ""#"" + str(time.time()) + ""#"").hexdigest() }}} secret_key is pretty useless regards" defect closed contrib.sessions dev normal fixed Accepted 1 0 1 0 0 0