show warning if session cookie domain is ip

closes #2007
José Oliveira 2016-12-04 18:29:11 +00:00 committed by David Lord
parent 716edfdb29
commit c3d49e29ea
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
2 changed files with 25 additions and 1 deletions


@ -11,13 +11,14 @@
import uuid
import hashlib
from warnings import warn
from base64 import b64encode, b64decode
from datetime import datetime
from werkzeug.http import http_date, parse_date
from werkzeug.datastructures import CallbackDict
from . import Markup, json
from ._compat import iteritems, text_type
from .helpers import total_seconds
from .helpers import total_seconds, is_ip
from itsdangerous import URLSafeTimedSerializer, BadSignature
@ -336,6 +337,9 @@ class SecureCookieSessionInterface(SessionInterface):
def save_session(self, app, session, response):
domain = self.get_cookie_domain(app)
if domain is not None:
if is_ip(domain):
warnings.warn("IP introduced in SESSION_COOKIE_DOMAIN", RuntimeWarning)
path = self.get_cookie_path(app)
# Delete case. If there is no session we bail early.
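Review bot: The added `warnings.warn(...)` call in save_session references a module name that the visible imports never bind, because the import hunk adds only `from warnings import warn`. Unless `warnings` is imported somewhere outside these hunks, an IP in SESSION_COOKIE_DOMAIN would raise NameError while saving the session instead of emitting the warning. Calling the imported name directly fixes it: `warn("IP introduced in SESSION_COOKIE_DOMAIN", RuntimeWarning)`. The message would also be more useful if it named the consequence, presumably that some browsers will not accept a cookie whose Domain is an IP address, so the session may silently fail to persist. The body of save_session continues past the end of the hunk.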