Commit 99414f47 authored by Linus Lewandowski's avatar Linus Lewandowski

Store auth requests in session, not in cookies.

parent a6d6eb80
......@@ -38,7 +38,7 @@ def _load_data(request):
return
try:
return id, json.loads(request.COOKIES['auth_request_' + id])
return id, json.loads(request.session['auth_requests'][id])
except Exception as e:
log.warning(e)
......
......@@ -48,7 +48,7 @@ class AuthorizationView(View):
id = uuid4().hex
res = redirect(reverse('openid_provider:select-account') + '?request=' + id)
res.set_cookie('auth_request_' + id, data)
request.session.setdefault('auth_requests', {})[id] = data
return res
except OAuthError as e:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment