stages/user_login: only set last_ip in session if a binding is given (#8074)

This commit is contained in:
Jens L 2024-01-05 19:10:27 +01:00 committed by GitHub
parent c77ea41af0
commit 3e44e9d3f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions

View File

@ -109,7 +109,10 @@ class BoundSessionMiddleware(SessionMiddleware):
self.recheck_session_geo(configured_binding_geo, last_ip, new_ip) self.recheck_session_geo(configured_binding_geo, last_ip, new_ip)
# If we got to this point without any error being raised, we need to # If we got to this point without any error being raised, we need to
# update the last saved IP to the current one # update the last saved IP to the current one
request.session[SESSION_KEY_LAST_IP] = new_ip if SESSION_KEY_BINDING_NET in request.session or SESSION_KEY_BINDING_GEO in request.session:
# Only set the last IP in the session if there's a binding specified
# (== basically requires the user to be logged in)
request.session[SESSION_KEY_LAST_IP] = new_ip
AuthenticatedSession.objects.filter(session_key=request.session.session_key).update( AuthenticatedSession.objects.filter(session_key=request.session.session_key).update(
last_ip=new_ip, last_user_agent=request.META.get("HTTP_USER_AGENT", "") last_ip=new_ip, last_user_agent=request.META.get("HTTP_USER_AGENT", "")
) )