get lo user: fix 401 loop by clearing session on bad nonce
parent
d1f01d2dd7
commit
1ee7ec323a
|
@ -49,7 +49,9 @@ def get_logged_in_user():
|
||||||
return None
|
return None
|
||||||
else:
|
else:
|
||||||
nonce = session.get("login_nonce", 0)
|
nonce = session.get("login_nonce", 0)
|
||||||
if nonce < v.login_nonce or v.id != id: abort(401)
|
if nonce < v.login_nonce or v.id != id:
|
||||||
|
session.clear()
|
||||||
|
return None
|
||||||
|
|
||||||
if request.method != "GET":
|
if request.method != "GET":
|
||||||
submitted_key = request.values.get("formkey")
|
submitted_key = request.values.get("formkey")
|
||||||
|
|
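Review bot: The new branch under `if nonce < v.login_nonce or v.id != id:` clears the session and returns None without recording anything, so a stale or mismatched session cookie (for example one replayed after the account's login_nonce was bumped) now looks the same as an ordinary anonymous visit. A warning-level log entry just before `session.clear()`, carrying the claimed id and the request's source address, would keep that signal available for detection. Because the 401 is gone, every caller that needs an authenticated user has to treat a None result as unauthenticated; the callers are not visible here, so that is worth confirming for non-GET routes in particular, since this return happens before the formkey check below it. A short comment such as `# stale nonce or id mismatch: drop the session and treat the request as logged out` would document why the branch does not abort. The body of get_logged_in_user() starts and continues outside this hunk.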