accounts: Generate random session ID in webapp
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 28 Oct 2019 18:42:20 +0000 (18:42 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 28 Oct 2019 18:42:20 +0000 (18:42 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/backend/accounts.py

index 824194c2ab94d956d78099201dc4f4eaa39daeb9..3e6412f26a4d40c7eed6ccf803f391f1781d5716 100644 (file)
@@ -286,8 +286,10 @@ class Accounts(Object):
        # Session stuff
 
        def create_session(self, account, host):
-               res = self.db.get("INSERT INTO sessions(host, uid) VALUES(%s, %s) \
-                       RETURNING session_id, time_expires", host, account.uid)
+               session_id = util.random_string(64)
+
+               res = self.db.get("INSERT INTO sessions(host, uid, session_id) VALUES(%s, %s, %s) \
+                       RETURNING session_id, time_expires", host, account.uid, session_id)
 
                # Session could not be created
                if not res:
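Review bot: The added `session_id = util.random_string(64)` makes the web application the only source of session-ID entropy, but `util.random_string` is not shown in this hunk, so it cannot be confirmed from here that it draws from a CSPRNG. A session ID is a bearer credential, and if the helper is built on the default `random` module its output would be predictable from a sample of observed IDs. Either confirm the helper uses `secrets` or `random.SystemRandom`, or generate the value directly with `session_id = secrets.token_hex(32)` (which needs `import secrets` at the top of the file). A comment such as `# Session IDs are bearer tokens: must come from a CSPRNG` above the line would document the requirement. The body of create_session continues past the end of the hunk, so how an INSERT failure on a duplicate ID is handled is not visible here.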