daniel156161/quart-session
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor addr

Browse Source
This commit is contained in:
Sander
2020-01-06 10:19:16 +01:00
committed by sander
parent 4012836eee
commit b52e896ef0
1 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
quart_session/sessions.py
+5 -8
View File
@@ -105,8 +105,10 @@ class SessionInterface(QuartSessionInterface):
request: BaseRequestWebsocket
) -> Optional[SecureCookieSession]:
sid = request.cookies.get(app.session_cookie_name)
addr = request.headers.get('X-Forwarded-For', request.remote_addr) if \
self._config['SESSION_HIJACK_PROTECTION'] else None
if self._config['SESSION_HIJACK_REVERSE_PROXY'] is True:
addr = request.headers.get('X-Forwarded-For', request.remote_addr)
else:
addr = request.remote_addr
options = {"sid": sid, "permanent": self.permanent, "addr": addr}
if not sid:
@@ -139,12 +141,7 @@ class SessionInterface(QuartSessionInterface):
return self.session_class(**options)
prevent_hijack = self._config['SESSION_HIJACK_PROTECTION']
if prevent_hijack is True:
if self._config['SESSION_HIJACK_REVERSE_PROXY'] is True:
addr = request.headers.get('X-Forwarded-For', request.remote_addr)
else:
addr = request.remote_addr
if data.get('_addr', addr) != addr:
if prevent_hijack is True and data.get('_addr', addr) != addr:
await self._backend_delete(app, self.key_prefix + sid)
options['sid'] = self._generate_sid()
return self.session_class(**options)