This commit is contained in:
Kovid Goyal 2012-04-03 18:45:35 +05:30
parent 734a0ba2e2
commit 5955aa775f


@ -69,6 +69,13 @@ class AuthController(object):
cookies are passed to the download process. The cookie expires after
MAX_AGE seconds.
The android browser appears to send a GET request to the server and only if
that request succeeds is the download handed off to the download process.
Therefore, even if the user clicks Get after MAX_AGE, it should still work.
In fact, we could reduce MAX_AGE, but we leave it high as the download
process might have downloads queued and therefore not start the download
immediately.
Note that this makes the server vulnerable to session-hijacking (i.e. some
one can sniff the traffic and create their own requests to /get with the
appropriate cookie, for an hour). The fix is to use https, but since this
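Review bot: the docstring hardcodes the hijack window as "for an hour" while the expiry it describes is MAX_AGE seconds, and the same text says MAX_AGE could be reduced; if the constant changes, this sentence silently becomes wrong. Suggest wording it in terms of the constant, e.g. "appropriate cookie, for MAX_AGE seconds", so the documented exposure window tracks the code. Since the text also explains why MAX_AGE is kept high (queued downloads in the Android download process), it would help a future reader to state that trade-off in one place next to the MAX_AGE definition rather than only here, where the sentence on the https alternative is left unfinished.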