Opened 17 years ago
Closed 15 years ago
#9489 closed (duplicate)
Unnecessary validation of internal data in contrib.sessions
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | contrib.sessions | Version: | 1.0 |
| Severity: | Keywords: | sessions get_decoded md5 tamper | |
| Cc: | Triage Stage: | Design decision needed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
In django/contrib/sessions/models.py, in the method get_decoded, data from the database is verified for some reason (with an md5 signature).
The signature is added by the method SessionManager.encode.
Why is internal data checked if it cannot be altered by an external user?
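The scheme the description refers to, as an added example that is not Django's code or part of the ticket: a stand-alone Python sketch in which `encode` appends an md5 signature and `get_decoded` checks it before deserializing. The secret value, the pickle serialization, the base64 layout and the helper `modify_stored_row` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import pickle

SECRET_KEY = b"constructed-secret-for-this-example"  # assumption: stands in for the site secret
DIGEST_LEN = 32  # length of an md5 hex digest


class TamperedSessionData(Exception):
    """Stored session data does not match its signature."""


def _signature(payload: bytes) -> bytes:
    # md5 over payload + secret, following the ticket's "md5 signature".
    return hashlib.md5(payload + SECRET_KEY).hexdigest().encode("ascii")


def encode(session_dict: dict) -> bytes:
    """Serialize, append the signature, and base64-encode for storage."""
    payload = pickle.dumps(session_dict)
    return base64.b64encode(payload + _signature(payload))


def get_decoded(stored: bytes) -> dict:
    """Verify the signature first; deserialize only if it matches."""
    raw = base64.b64decode(stored)
    payload, tamper_check = raw[:-DIGEST_LEN], raw[-DIGEST_LEN:]
    if not hmac.compare_digest(_signature(payload), tamper_check):
        raise TamperedSessionData("session data failed the integrity check")
    return pickle.loads(payload)


def modify_stored_row(stored: bytes, old: bytes, new: bytes) -> bytes:
    """Hypothetical helper: a direct edit of the stored column, made without the secret."""
    raw = base64.b64decode(stored)
    return base64.b64encode(raw.replace(old, new))


if __name__ == "__main__":
    row = encode({"user_id": 42, "role": "viewer"})  # constructed sample session
    print(get_decoded(row))
    try:
        get_decoded(modify_stored_row(row, b"viewer", b"editor"))
    except TamperedSessionData as exc:
        print("rejected:", exc)
```

The check fires on any change to the stored value made without the secret, so a modified row is rejected before `pickle.loads` ever sees it.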
Change History (2)
comment:1 by , 17 years ago
| Triage Stage: | Unreviewed → Design decision needed |
|---|
comment:2 by , 15 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
#14634 raises the same issue, contains a detailed discussion, and is closed as wontfix.