From 216e8810b95ea6b29f7fa6b8c2940d002abc152e Mon Sep 17 00:00:00 2001
From: Andreas <andreasv@fsmpi.rwth-aachen.de>
Date: Thu, 8 Jun 2017 08:53:05 +0200
Subject: [PATCH] shortened csrf protection strings from 128 chars to 64

---
 server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server.py b/server.py
index f14e2d9..a06b3ae 100644
--- a/server.py
+++ b/server.py
@@ -527,7 +527,7 @@ def login():
 		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
 		dbuser = query('SELECT * FROM users WHERE name = ?', user)
 	session['user']['dbid'] = dbuser[0]['id']
-	session['_csrf_token'] = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(128))
+	session['_csrf_token'] = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(64))
 	session.permanent = True
 	return redirect(request.values.get('ref', url_for('index')))
 
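Review bot: The redirect target on the last line of the hunk is taken directly from `request.values.get('ref', ...)` with no check visible here, so a crafted login link could send a freshly authenticated user to an external site. Assuming `ref` is only ever meant to be a local path, restrict it before redirecting, e.g. `ref = request.values.get('ref', '')` followed by `if not ref.startswith('/') or ref.startswith('//') or '\\' in ref: ref = url_for('index')`. On the token itself, 64 characters drawn from 62 symbols via `random.SystemRandom()` is still roughly 380 bits, so the shortening does not weaken it; a comment such as `# 64 chars from a 62-symbol alphabet, far more than needed against guessing` would record why the length was chosen. The body of `login()` starts outside the hunk, so validation of `ref` earlier in the function cannot be ruled out from here.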
-- 
GitLab