get lo user: fix 401 loop by clearing session on bad nonce
parent
d1f01d2dd7
commit
1ee7ec323a
|
@ -49,7 +49,9 @@ def get_logged_in_user():
|
|||
return None
|
||||
else:
|
||||
nonce = session.get("login_nonce", 0)
|
||||
if nonce < v.login_nonce or v.id != id: abort(401)
|
||||
if nonce < v.login_nonce or v.id != id:
|
||||
session.clear()
|
||||
return None
|
||||
|
||||
if request.method != "GET":
|
||||
submitted_key = request.values.get("formkey")
|
||||
|
|
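Review bot: The new stale-session branch (`if nonce < v.login_nonce or v.id != id:`) fails silently: it clears the session and returns None, so a request carrying a revoked or mismatched session cookie looks the same as an ordinary anonymous visit. A nonce below `v.login_nonce` is presumably the sign that the session was invalidated server-side, so it is worth recording before `session.clear()`, for example `current_app.logger.warning("stale session rejected for user id %s", v.id)` if Flask's `current_app` is available in this module. The branch would also benefit from a short comment such as `# stale or mismatched session: drop it and treat the request as logged out (abort(401) here caused a 401 loop)`. Callers that relied on the 401 raised here must now handle a None return themselves; the function body starts and ends outside the hunk, so that cannot be confirmed from these lines.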