lovdata-chat

torbjorn/lovdata-chat

Fork 0

Commit Graph

Author	SHA1	Message	Date
Torbjørn Lindahl	7dae8faf62	security: fix timing attack vulnerability and incorrect method call - Use secrets.compare_digest() for token comparison instead of == to prevent timing-based attacks that could leak token information - Fix rotate_session_auth_token() to call the correct method rotate_session_token() instead of non-existent rotate_session_auth_token()	2026-02-05 00:36:07 +01:00
Torbjørn Lindahl	2f5464e1d2	fixed all remaining issues with the session manager	2026-01-18 23:28:49 +01:00

Author

SHA1

Message

Date

Torbjørn Lindahl

7dae8faf62

security: fix timing attack vulnerability and incorrect method call

- Use secrets.compare_digest() for token comparison instead of == to
  prevent timing-based attacks that could leak token information
- Fix rotate_session_auth_token() to call the correct method
  rotate_session_token() instead of non-existent rotate_session_auth_token()

2026-02-05 00:36:07 +01:00

Torbjørn Lindahl

2f5464e1d2

fixed all remaining issues with the session manager

2026-01-18 23:28:49 +01:00

2 Commits