Commits

Robert Brewer  committed ec72c91
  • Participants
  • Parent commits 1cd792a

Comments (0)

Files changed (1)

File cherrypy/lib/sessions.py

     
     def _get_file_path(self):
         f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
-        if not os.path.normpath(f).startswith(self.storage_path):
+        if not os.path.abspath(f).startswith(self.storage_path):
             raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
         return f