diff options
Diffstat (limited to 'django/contrib/sessions/backends/base.py')
| -rw-r--r-- | django/contrib/sessions/backends/base.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/django/contrib/sessions/backends/base.py b/django/contrib/sessions/backends/base.py index b40fba6e6e..7153b8a267 100644 --- a/django/contrib/sessions/backends/base.py +++ b/django/contrib/sessions/backends/base.py @@ -1,5 +1,4 @@ import base64 -import md5 import os import random import sys @@ -12,6 +11,7 @@ except ImportError: from django.conf import settings from django.core.exceptions import SuspiciousOperation +from django.utils.hashcompat import md5_constructor class SessionBase(object): @@ -73,13 +73,13 @@ class SessionBase(object): def encode(self, session_dict): "Returns the given session dictionary pickled and encoded as a string." pickled = pickle.dumps(session_dict, pickle.HIGHEST_PROTOCOL) - pickled_md5 = md5.new(pickled + settings.SECRET_KEY).hexdigest() + pickled_md5 = md5_constructor(pickled + settings.SECRET_KEY).hexdigest() return base64.encodestring(pickled + pickled_md5) def decode(self, session_data): encoded_data = base64.decodestring(session_data) pickled, tamper_check = encoded_data[:-32], encoded_data[-32:] - if md5.new(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: + if md5_constructor(pickled + settings.SECRET_KEY).hexdigest() != tamper_check: raise SuspiciousOperation("User tampered with session cookie.") try: return pickle.loads(pickled) @@ -117,8 +117,8 @@ class SessionBase(object): # No getpid() in Jython, for example pid = 1 while 1: - session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1), - pid, time.time(), settings.SECRET_KEY)).hexdigest() + session_key = md5_constructor("%s%s%s%s" % (random.randint(0, sys.maxint - 1), + pid, time.time(), settings.SECRET_KEY)).hexdigest() if not self.exists(session_key): break return session_key |