Prevent modifying the session unless necessary

maxcountryman / flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

http://readthedocs.org/docs/flask-seasurf/

Other

190 stars 49 forks source link

Prevent modifying the session unless necessary #17

Closed martynsmith closed 12 years ago

martynsmith commented 12 years ago

I noticed that the seasurf plugin is using the flask.session object to store its state during the request. While this means that it won't set a CSRF cookie unless it has to, it does mean that the session is modified when really there's no requirement to do so.

I've written this patch to instead store the request state in the flask.g object so that the seasurf plugin doesn't force creation of a session.

travisbot commented 12 years ago

This pull request passes (merged a9823c76 into 7f7ce72d).

maxcountryman commented 12 years ago

Great. Thanks! :cake: