I can tell that a lot of people are using the "check_session_addr" option, which is broken in 0.5 :) Here's the fix. (FWIW, *I'm* not using it either; too many users coming in from dynamic connections who got tired of having to log in again....) jon diff -u session.py.orig session.py --- session.py.orig 2002-08-08 13:04:56.000000000 -0600 +++ session.py 2002-08-08 13:12:09.000000000 -0600 @@ -293,7 +293,7 @@ # responsible for revoking the session cookie. Yuck. raise SessionError(session_id=id) if (config.check_session_addr and - session.remote_address != request.get_environ("REMOTE_ADDR")): + session.get_remote_address() != request.get_environ("REMOTE_ADDR")): raise SessionError("Remote IP address does not match the " "IP address that created the session", session_id=id)
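Review bot: the corrected comparison in the `config.check_session_addr` branch of the hunk at line 293 comes with no regression test, so the same kind of breakage (a stale `session.remote_address` attribute where the accessor `session.get_remote_address()` is needed) could return unnoticed for anyone who leaves the option off. Suggest adding a test that enables `check_session_addr`, creates a session from one address, and asserts that a request with a different `REMOTE_ADDR` raises `SessionError` while a matching one passes. Separately, the check trusts `request.get_environ("REMOTE_ADDR")` as the client identity; a comment beside the option noting that this is the address of the immediate peer (so clients behind a shared proxy all compare equal, and clients whose address changes mid-session are logged out) would help people decide whether to turn it on.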