self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00
Code Issues Releases Activity

ensure we clear the token on delete()

Browse Source
This commit is contained in:
Florent Daigniere 2021-12-21 15:59:00 +01:00
parent 2b29cfb3f0
commit 58d0faff7f
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/admin/mailu/utils.py
View File

@ -231,8 +231,6 @@ class MailuSession(CallbackDict, SessionMixin):
def destroy(self):
""" destroy session for security reasons. """
if 'webmail_token' in self:
self.app.session_store.delete(self['webmail_token'])
self.delete()
self._uid = None
@ -246,13 +244,15 @@ class MailuSession(CallbackDict, SessionMixin):
def regenerate(self):
""" generate new id for session to avoid `session fixation`. """
self.delete()
self.delete(clear_token=False)
self._sid = None
self.modified = True
def delete(self):
def delete(self, clear_token=True):
""" Delete stored session. """
if self.saved:
if clear_token and 'webmail_token' in self:
self.app.session_store.delete(self['webmail_token'])
self.app.session_store.delete(self._key)
self._key = None