Commit 277788e5 authored by Valentin Samir's avatar Valentin Samir
Browse files

Generate new LT only then the previous has been used

parent fe8c74ba
......@@ -130,7 +130,7 @@ class LoginView(View, LogoutMixin):
# save LT for later check
lt_valid = request.session.get('lt')
lt_send = request.POST.get('lt')
# generate a new LT
# generate a new LT (by posting the LT has been consumed)
request.session['lt'] = utils.gen_lt()
# check if send LT is valid
......@@ -167,8 +167,8 @@ class LoginView(View, LogoutMixin):
self.gateway = request.GET.get('gateway')
self.method = request.GET.get('method')
# generate a new LT
request.session['lt'] = utils.gen_lt()
# generate a new LT if none is present
request.session['lt'] = request.session.get('lt', utils.gen_lt())
if not request.session.get("authenticated") or self.renew:
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment