diff --git a/files/__main__.py b/files/__main__.py index 21d4e155b..56d413a99 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -106,10 +106,6 @@ def before_request(): g.timestamp = int(time.time()) - if not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages"): - session.permanent = True - if not session.get("session_id"): session["session_id"] = secrets.token_hex(52) - if request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]: url = request.url.replace("http://", "https://", 1) return redirect(url, code=301) diff --git a/files/classes/user.py b/files/classes/user.py index 365e40118..cdb9368cf 100644 --- a/files/classes/user.py +++ b/files/classes/user.py @@ -300,8 +300,6 @@ class User(Base): @lazy def formkey(self): - if "session_id" not in session: session["session_id"] = token_hex(52) - msg = f"{session['session_id']}+{self.id}+{self.login_nonce}" return generate_hash(msg)