fsdfds

2021-12-21 01:56:48 +02:00 · 2021-12-21 01:56:48 +02:00 · 035ecf98d0
parent 927f84dcea
commit 035ecf98d0
3 changed files with 4 additions and 4 deletions
--- a/files/main.py
+++ b/files/main.py
@ -109,7 +109,7 @@ def before_request():

 	if not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages"):
 		session.permanent = True
-		if not session.get("session_id"): session["session_id"] = secrets.token_hex(16)
+		if not session.get("session_id"): session["session_id"] = secrets.token_hex(50)

 	if request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]:
 		url = request.url.replace("http://", "https://", 1)
--- a/files/classes/user.py
+++ b/files/classes/user.py
@ -302,7 +302,7 @@ class User(Base):
 	def formkey(self):

 		if "session_id" not in session:
-			session["session_id"] = token_hex(16)
+			session["session_id"] = token_hex(50)

 		msg = f"{session['session_id']}+{self.id}+{self.login_nonce}"

--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -136,7 +136,7 @@ def login_post():

 	session["user_id"] = account.id
 	session["logged_in"] = account.id
-	session["session_id"] = token_hex(16)
+	session["session_id"] = token_hex(50)
 	session["login_nonce"] = account.login_nonce
 	session.permanent = True

@ -343,7 +343,7 @@ def sign_up_post(v):

 	session["user_id"] = new_user.id
 	session["logged_in"] = new_user.id
-	session["session_id"] = token_hex(16)
+	session["session_id"] = token_hex(50)

 	g.db.commit()