diff --git a/cms/server/contest/handlers/base.py b/cms/server/contest/handlers/base.py index 066631fd44..4c84c443df 100644 --- a/cms/server/contest/handlers/base.py +++ b/cms/server/contest/handlers/base.py @@ -34,8 +34,8 @@ from __future__ import print_function from __future__ import unicode_literals +import json import logging -import pickle import socket import struct import traceback @@ -224,7 +224,7 @@ def _get_current_user_from_cookie(self): # Parse cookie. try: - cookie = pickle.loads(self.get_secure_cookie("login")) + cookie = json.loads(self.get_secure_cookie("login")) username = cookie[0] password = cookie[1] last_update = make_datetime(cookie[2]) @@ -257,9 +257,9 @@ def _get_current_user_from_cookie(self): if self.refresh_cookie: self.set_secure_cookie("login", - pickle.dumps((username, - password, - make_timestamp())), + json.dumps([username, + password, + make_timestamp()]), expires_days=None) return participation diff --git a/cms/server/contest/handlers/main.py b/cms/server/contest/handlers/main.py index a5a68247a7..c3ebe7dfea 100644 --- a/cms/server/contest/handlers/main.py +++ b/cms/server/contest/handlers/main.py @@ -34,7 +34,6 @@ import json import logging -import pickle import tornado.web @@ -117,9 +116,9 @@ def post(self): logger.info("User logged in: user=%s remote_ip=%s.", filtered_user, self.request.remote_ip) self.set_secure_cookie("login", - pickle.dumps((user.username, - correct_password, - make_timestamp())), + json.dumps([user.username, + correct_password, + make_timestamp()]), expires_days=None) self.redirect(next_page)