ynerant/django-cas-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Generate new LT only then the previous has been used

Browse Source
This commit is contained in:
Valentin Samir
2015-06-07 23:46:32 +02:00
parent fe8c74ba08
commit 277788e593
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cas_server/views.py
View File

@@ -130,7 +130,7 @@ class LoginView(View, LogoutMixin):
# save LT for later check
lt_valid = request.session.get('lt')
lt_send = request.POST.get('lt')
# generate a new LT
# generate a new LT (by posting the LT has been consumed)
request.session['lt'] = utils.gen_lt()
# check if send LT is valid
@@ -167,8 +167,8 @@ class LoginView(View, LogoutMixin):
self.gateway = request.GET.get('gateway')
self.method = request.GET.get('method')
# generate a new LT
request.session['lt'] = utils.gen_lt()
# generate a new LT if none is present
request.session['lt'] = request.session.get('lt', utils.gen_lt())
if not request.session.get("authenticated") or self.renew:
self.init_form()