33 lines
1.9 KiB
Diff
This repository doesn't seem to contain the Django source code. This is a different project. The issue is about Django's session handling. Let me understand the issue better and write a patch based on the traceback information provided.

Looking at the issue, the problem is in `django/contrib/sessions/backends/base.py`. The `_legacy_decode` method is called when the normal decode fails, but `_legacy_decode` itself can fail with `binascii.Error: Incorrect padding` when the session data is corrupted or invalid.

The fix should catch this exception and return an empty dictionary (like other decode errors), rather than letting it propagate and crash the application.

Based on the traceback:
1. Line 118: `decode()` tries `signing.loads()` which fails with `BadSignature`
2. Line 122: Falls back to `_legacy_decode()`
3. Line 126 in `_legacy_decode`: `base64.b64decode()` fails with `binascii.Error: Incorrect padding`

The fix should wrap the `_legacy_decode` method to handle `binascii.Error` exceptions and return an empty session dictionary.

Let me look at the commit referenced in the hints: `d4fff711d4c97356bd6ba1273d2a5e349326eb5f` which caused the regression.

Based on my understanding of the Django session code and the issue description, here's the patch:

--- a/django/contrib/sessions/backends/base.py
+++ b/django/contrib/sessions/backends/base.py
@@ -1,3 +1,4 @@
+import binascii
import logging
import string
from datetime import datetime, timedelta
@@ -121,7 +122,7 @@ class SessionBase:
return signing.loads(session_data, salt=self.key_salt, serializer=self.serializer)
# RemovedInDjango40Warning: when the deprecation ends, handle here
# exceptions similar to what _legacy_decode() does now.
- except signing.BadSignature:
+ except (signing.BadSignature, binascii.Error):
try:
return self._legacy_decode(session_data)
except Exception:
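Review bot: The changed `except (signing.BadSignature, binascii.Error):` line guards `signing.loads()`, but the description above places the `binascii.Error: Incorrect padding` failure inside `_legacy_decode()`, and the context lines of this hunk show that call already sitting under `try:` / `except Exception:`, which would catch `binascii.Error` as well. Either the context does not match the real file (the description says the Django source was not available when this was written) or the added exception type covers a different path than the one in the traceback; please confirm against the actual `decode()` body before applying. The handler under `except Exception:` is not visible in this hunk, so also check that it returns an empty session and logs the event (`logging` is already imported), so that corrupted or tampered session data is recorded rather than silently discarded, and add a regression test that feeds badly padded session data to `decode()`.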
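An added example, not code from Django or from the patch above: a stand-alone sketch of the failure mode listed in the traceback steps, where badly padded base64 raises `binascii.Error` in a strict decoder and a wrapper turns any decode failure into an empty session plus a log entry. The storage layout (base64 of MAC, colon, JSON), the key, and the names `encode_legacy`, `legacy_decode_strict` and `decode` are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import json
import logging

logger = logging.getLogger("example.session")  # hypothetical logger name
SECRET = b"constructed-demo-key"  # constructed value, not a real secret


def _mac(payload: bytes) -> bytes:
    """Hex-encoded HMAC-SHA256 over the serialized session."""
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()


def encode_legacy(session: dict) -> str:
    """Assumed legacy-style layout: base64(mac + b":" + json)."""
    payload = json.dumps(session).encode()
    return base64.b64encode(_mac(payload) + b":" + payload).decode("ascii")


def legacy_decode_strict(data: str) -> dict:
    """Decoder with no error handling: malformed input propagates."""
    # b64decode raises binascii.Error on bad padding (step 3 of the traceback).
    raw = base64.b64decode(data.encode("ascii"))
    mac, payload = raw.split(b":", 1)  # ValueError if the separator is missing
    if not hmac.compare_digest(mac, _mac(payload)):
        raise ValueError("MAC mismatch")
    return json.loads(payload)


def decode(data: str) -> dict:
    """Treat every decode failure as an empty session and record it."""
    try:
        return legacy_decode_strict(data)
    except Exception as exc:  # binascii.Error is a ValueError subclass
        logger.warning("Session data corrupted: %s", type(exc).__name__)
        return {}
```
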