Download Install Tutorial Docs FAQ Tools WikiLicense Team IRC Planet Involvement Shop Book

Changeset 1239

Show
Ignore:
Timestamp:
08/12/06 01:51:29
Author:
fumanchu
Message:

Fix for #489 (secure session key). os.urandom is used when available.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/cherrypy/lib/sessions.py

    r1232 r1239  
    6767        pass 
    6868     
    69     def generate_id(self): 
    70         """Return a new session id.""" 
    71         return sha.new('%s' % random.random()).hexdigest() 
     69    try: 
     70        os.urandom(20) 
     71    except (AttributeError, NotImplementedError): 
     72        # os.urandom not available until Python 2.4. Fall back to random.random. 
     73        def generate_id(self): 
     74            """Return a new session id.""" 
     75            return sha.new('%s' % random.random()).hexdigest() 
     76    else: 
     77        def generate_id(self): 
     78            """Return a new session id.""" 
     79            return os.urandom(20).encode('hex') 
    7280     
    7381    def save(self): 

Hosted by WebFaction

Log in as guest/cpguest to create tickets