File tree Expand file tree Collapse file tree 1 file changed +8
-3
lines changed
Expand file tree Collapse file tree 1 file changed +8
-3
lines changed Original file line number Diff line number Diff line change @@ -339,12 +339,17 @@ def _logged_out_post(
339339 response = super ().post (request , application = application , ** kwargs )
340340 # once they login, bind their user ID
341341 if request .user .is_authenticated :
342+ # Save OAuth payload before session regeneration
343+ oa2_payload = request .session .get ("oa2" )
344+
342345 # Regenerate session to prevent session fixation attacks
343346 request .session .cycle_key ()
344347
345- # Update OAuth payload with authenticated user ID for validation in post()
346- request .session ["oa2" ]["uid" ] = request .user .id
347- request .session .modified = True
348+ # Restore OAuth payload after session regeneration and update user ID
349+ if oa2_payload is not None :
350+ oa2_payload ["uid" ] = request .user .id
351+ request .session ["oa2" ] = oa2_payload
352+ request .session .modified = True
348353 return response
349354
350355 def post (self , request : HttpRequest , ** kwargs ) -> HttpResponseBase :
You can’t perform that action at this time.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?v=4&size=40){kind=avatar}
0 commit comments