What was the root cause of the problem originally / what feature was missing?
When sending request to notifyRegTx with tx_id, it was possible to use the same request multiple times (until first postcard was created) to make server send multiple postcards to the same address
How does this pull request solve it (in broad terms)?
Session-stores rename the key when get method is called:
key -> locked:key
so that if get is called again with the same key, it is does not exist anymore.
Also, renaming is used in unset method to delete successfully used key from memory.
Also, a validation is added to check that session_key is a number, otherwise one could pass locked:key second time, then locked:locked:key, etc...
What is it? (leave one option)
(Fix)
What was the root cause of the problem originally / what feature was missing? When sending request to notifyRegTx with tx_id, it was possible to use the same request multiple times (until first postcard was created) to make server send multiple postcards to the same address
How does this pull request solve it (in broad terms)? Session-stores rename the key when
get
method is called:so that if
get
is called again with the samekey
, it is does not exist anymore. Also, renaming is used inunset
method to delete successfully used key from memory. Also, a validation is added to check that session_key is a number, otherwise one could passlocked:key
second time, thenlocked:locked:key
, etc...Does it close any open issues? Closes #105