Store auth requests in session, not in cookies.

99414f47 · Linus Lewandowski · a6d6eb80 · 99414f47 · 99414f47
Commit 99414f47 authored Sep 18, 2017 by Linus Lewandowski
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

auth_request.py aiakos/openid_provider/views/auth_request.py +1 -1

authorization.py aiakos/openid_provider/views/authorization.py +1 -1

No files found.
--- a/aiakos/openid_provider/views/auth_request.py
+++ b/aiakos/openid_provider/views/auth_request.py
@@ -38,7 +38,7 @@ def _load_data(request):
 			return

 	try:
-		return id, json.loads(request.COOKIES['auth_request_' + id])
+		return id, json.loads(request.session['auth_requests'][id])
 	except Exception as e:
 		log.warning(e)


--- a/aiakos/openid_provider/views/authorization.py
+++ b/aiakos/openid_provider/views/authorization.py
@@ -48,7 +48,7 @@ class AuthorizationView(View):
 			id = uuid4().hex

 			res = redirect(reverse('openid_provider:select-account') + '?request=' + id)
-			res.set_cookie('auth_request_' + id, data)
+			request.session.setdefault('auth_requests', {})[id] = data
 			return res

 		except OAuthError as e: