From a10180e58d9ee3cdc150e23c88d338c97a3890af Mon Sep 17 00:00:00 2001 From: Lex Date: Mon, 8 Jan 2024 16:20:54 +1000 Subject: [PATCH] Fix session id length implementation --- src/flask_session/sessions.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/flask_session/sessions.py b/src/flask_session/sessions.py index e070c01e..5e9e61f1 100644 --- a/src/flask_session/sessions.py +++ b/src/flask_session/sessions.py @@ -56,8 +56,8 @@ class SqlAlchemySession(ServerSideSession): class SessionInterface(FlaskSessionInterface): - def _generate_sid(self, app): - return secrets.token_urlsafe(app.config["SESSION_ID_LENGTH"]) + def _generate_sid(self, session_id_length): + return secrets.token_urlsafe(session_id_length) def __get_signer(self, app): if not hasattr(app, "secret_key") or not app.secret_key: @@ -118,13 +118,13 @@ def set_cookie_to_response(self, app, session, response, expires): def open_session(self, app, request): sid = request.cookies.get(app.config["SESSION_COOKIE_NAME"]) if not sid: - sid = self._generate_sid(app) + sid = self._generate_sid(app.config["SESSION_ID_LENGTH"]) return self.session_class(sid=sid, permanent=self.permanent) if self.use_signer: try: sid = self._unsign(app, sid) except BadSignature: - sid = self._generate_sid(app) + sid = self._generate_sid(app.config["SESSION_ID_LENGTH"]) return self.session_class(sid=sid, permanent=self.permanent) return self.fetch_session_sid(sid)