from flask.sessions import SessionInterface, SessionMixin
from uuid import uuid4
# Module-level alias: open_session() calls uuid() to mint a fresh session id
# when the request carries no session cookie.
uuid = uuid4
# !!! WARNING !!!
# This session management implementation intentionally contains vulnerabilities.
# DON'T USE IT!
#
# Reviewer summary of the weaknesses visible in this class, kept as-is because
# the project is a deliberately vulnerable training target:
#   * open_session() trusts whatever id the client sends in the cookie and
#     creates server-side state under it, i.e. the id does not have to be one
#     the server issued (the precondition for session fixation).
#   * Nothing in this file regenerates the id after it has been handed out.
#   * save_session() passes only name and value to set_cookie(), so no
#     HttpOnly / Secure / SameSite attributes are requested here.
#   * `sessions` never has entries removed by this class, so state lives for
#     the lifetime of the process.
# A real implementation would accept only server-generated ids, rotate the id
# on privilege change, set restrictive cookie attributes and expire sessions.
class VolatileServerSideSessionInterface(SessionInterface):
    """In-memory, process-local Flask session backend keyed by a cookie value.

    Intentionally insecure; see the warning above the class.
    """

    # Name of the cookie that carries the session id.
    cookie_name = "vsessid"
    # Class attribute: one dict shared by every instance of the interface,
    # mapping session id -> VolatileServerSideSession.
    sessions = {}

    def open_session(self, app, request):
        """Return the session for this request, creating one if needed.

        The id is taken from the request cookie when present and non-empty;
        otherwise a new UUID string is generated. An id that is not yet known
        is registered without any check of where it came from.
        """
        session_id = request.cookies.get(self.cookie_name) or str(uuid())
        store = self.sessions
        if session_id in store:
            return store[session_id]
        # Unknown id (client-supplied or freshly generated): start a session.
        fresh = VolatileServerSideSession(session_id)
        store[session_id] = fresh
        return fresh

    def save_session(self, app, session, response):
        """Emit or clear the session cookie on the outgoing response.

        A falsy ``session.sid`` deletes the cookie. Otherwise the cookie is
        sent only while ``session.new`` is set, and the flag is cleared
        afterwards so later responses do not repeat it.
        """
        if not session.sid:
            response.delete_cookie(self.cookie_name)
            return
        if not session.new:
            return
        # Only name and value are passed; no cookie attributes are set here.
        response.set_cookie(self.cookie_name, session.sid)
        session.new = False
class VolatileServerSideSession(dict, SessionMixin):
    """Dict-backed session object held in server memory.

    Carries the session id (``sid``) and a ``new`` flag that is set on
    construction so the owning interface knows the cookie still has to be
    sent to the client.
    """

    def __init__(self, sid):
        """Record the session id and mark the session as not yet delivered."""
        self.sid, self.new = sid, True