Robert Brewer avatar Robert Brewer committed f374cf2

Fix for #489 (secure session key). os.urandom is used when available.

Comments (0)

Files changed (1)

         """Clean up expired sessions."""
         pass
     
-    def generate_id(self):
-        """Return a new session id."""
-        return sha.new('%s' % random.random()).hexdigest()
+    try:
+        os.urandom(20)
+    except (AttributeError, NotImplementedError):
+        # os.urandom not available until Python 2.4. Fall back to random.random.
+        def generate_id(self):
+            """Return a new session id."""
+            return sha.new('%s' % random.random()).hexdigest()
+    else:
+        def generate_id(self):
+            """Return a new session id."""
+            return os.urandom(20).encode('hex')
     
     def save(self):
         """Save session data."""
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.