Skip to content
Snippets Groups Projects
Commit 216e8810 authored by Andreas Valder's avatar Andreas Valder
Browse files

shortened csrf protection strings from 128 chars to 64

parent 28e81389
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
server.py
+ 1
1
View file @ 216e8810
......@@ -527,7 +527,7 @@ def login():
modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
dbuser = query('SELECT * FROM users WHERE name = ?', user)
session['user']['dbid'] = dbuser[0]['id']
session['_csrf_token'] = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(128))
session['_csrf_token'] = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(64))
session.permanent = True
return redirect(request.values.get('ref', url_for('index')))
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment