[#7906] in login post, pass a _session_id value in both POST and cookies, so it gets past CSRF checks

commit: 9e6be3a946d122d309c063bd2434fa6fa6b38acf [log] [tgz]
author: Dave Brondsema <dbrondsema@slashdotmedia.com> Mon Jun 29 18:01:36 2015 +0000
committer: Dave Brondsema <dbrondsema@slashdotmedia.com> Mon Jun 29 18:01:36 2015 +0000
tree: 6d1676a935d36cfe037efb36ffc7b76dc84b0b6d
parent: fbb8da9ea2dca83652faf4a61a8ad99b44e26ffb [diff]
diff --git a/scripts/ApacheAccessHandler.py b/scripts/ApacheAccessHandler.py
index 1af3714..1ee9ebc 100644
--- a/scripts/ApacheAccessHandler.py
+++ b/scripts/ApacheAccessHandler.py

@@ -115,7 +115,11 @@
     r = requests.post(auth_url, allow_redirects=False, data={
         'username': username,
         'password': password,
-        'return_to': '/login_successful'})
+        'return_to': '/login_successful',
+        '_session_id': 'this-is-our-session',
+    }, cookies={
+        '_session_id': 'this-is-our-session',
+    })
     return r.status_code == 302 and r.headers['location'].endswith('/login_successful')
commit	9e6be3a946d122d309c063bd2434fa6fa6b38acf	[log] [tgz]
author	Dave Brondsema <dbrondsema@slashdotmedia.com>	Mon Jun 29 18:01:36 2015 +0000
committer	Dave Brondsema <dbrondsema@slashdotmedia.com>	Mon Jun 29 18:01:36 2015 +0000
tree	6d1676a935d36cfe037efb36ffc7b76dc84b0b6d
parent	fbb8da9ea2dca83652faf4a61a8ad99b44e26ffb [diff]