Sessions and authentication without cookies

from django.conf import settings


class FakeSessionCookieMiddleware(object):
    """Use a session key from the query string when no session cookie was sent.

    List it before SessionMiddleware so the session lookup sees the value.
    """

    def process_request(self, request):
        name = settings.SESSION_COOKIE_NAME
        # Only fall back to the URL value when the client sent no real cookie.
        if name not in request.COOKIES and name in request.GET:
            request.COOKIES[name] = request.GET[name]


Comments

arne (on November 8, 2007):

I like this snippet, but one question came to my mind: what happens if I call the view with some arbitrary data instead of the session-id in the url (the content of request.GET[settings.SESSION_COOKIE_NAME])? Is there a possibility to inject/break anything here? I'm pretty sure this is not the case, but I would like to hear some other opinions on this.
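A variant of the middleware above that checks the shape of the URL value before copying it into the cookies, so arbitrary data in the parameter is ignored; this is an added example, not part of the original snippet or its comments. The 32-character lowercase-alphanumeric key format, the `sessionid` cookie name and the `FakeRequest` stand-in are assumptions made so it runs without Django.

```python
import re

# Assumption: session keys are 32 characters of lowercase letters and digits.
# Adjust the pattern to whatever your session backend actually generates.
SESSION_KEY_RE = re.compile(r"[a-z0-9]{32}")


def clean_session_key(value):
    """Return value if it has the shape of a session key, otherwise None."""
    # fullmatch() is deliberate: a pattern ending in "$" with match() would
    # also accept a key followed by a trailing newline.
    if isinstance(value, str) and SESSION_KEY_RE.fullmatch(value):
        return value
    return None


class ValidatingFakeSessionCookieMiddleware(object):
    """Variant of the snippet's middleware that ignores malformed URL values."""

    def __init__(self, cookie_name="sessionid"):
        # In a Django project this would be settings.SESSION_COOKIE_NAME.
        self.cookie_name = cookie_name

    def process_request(self, request):
        name = self.cookie_name
        # A real cookie always wins; the URL value is only a fallback.
        if name in request.COOKIES or name not in request.GET:
            return
        key = clean_session_key(request.GET[name])
        if key is not None:
            request.COOKIES[name] = key


class FakeRequest(object):
    """Constructed stand-in for a Django request: two plain dicts."""

    def __init__(self, get=None, cookies=None):
        self.GET = dict(get or {})
        self.COOKIES = dict(cookies or {})


def cookies_after(get, cookies=None):
    """Run the middleware over a constructed request and return its cookies."""
    request = FakeRequest(get, cookies)
    ValidatingFakeSessionCookieMiddleware().process_request(request)
    return request.COOKIES
```

The shape check keeps malformed input away from the session backend; a well-formed key carried in a URL is still written to server logs, browser history and Referer headers.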
