From 277788e59330497f2739b3ac1c51c83e8a5f23a6 Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Sun, 7 Jun 2015 23:46:32 +0200 Subject: [PATCH] Generate new LT only then the previous has been used --- cas_server/views.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cas_server/views.py b/cas_server/views.py index 550d792..34a4576 100644 --- a/cas_server/views.py +++ b/cas_server/views.py @@ -130,7 +130,7 @@ class LoginView(View, LogoutMixin): # save LT for later check lt_valid = request.session.get('lt') lt_send = request.POST.get('lt') - # generate a new LT + # generate a new LT (by posting the LT has been consumed) request.session['lt'] = utils.gen_lt() # check if send LT is valid @@ -167,8 +167,8 @@ class LoginView(View, LogoutMixin): self.gateway = request.GET.get('gateway') self.method = request.GET.get('method') - # generate a new LT - request.session['lt'] = utils.gen_lt() + # generate a new LT if none is present + request.session['lt'] = request.session.get('lt', utils.gen_lt()) if not request.session.get("authenticated") or self.renew: self.init_form()