Fix session: read X-Session-Id header instead of cookie
Browse files
server.py
CHANGED
|
@@ -99,12 +99,14 @@ def _cleanup_expired_sessions():
|
|
| 99 |
|
| 100 |
|
| 101 |
def get_sd() -> dict:
|
| 102 |
-
"""Get or create per-session state dict.
|
| 103 |
-
|
|
|
|
|
|
|
| 104 |
if len(_SESSIONS) > 50:
|
| 105 |
_cleanup_expired_sessions()
|
| 106 |
|
| 107 |
-
sid = session.get("sid")
|
| 108 |
if not sid or sid not in _SESSIONS:
|
| 109 |
sid = str(uuid.uuid4())
|
| 110 |
session["sid"] = sid
|
|
|
|
| 99 |
|
| 100 |
|
| 101 |
def get_sd() -> dict:
|
| 102 |
+
"""Get or create per-session state dict.
|
| 103 |
+
Session ID is read from X-Session-Id header (set by the frontend),
|
| 104 |
+
falling back to Flask cookie session for backwards compatibility.
|
| 105 |
+
"""
|
| 106 |
if len(_SESSIONS) > 50:
|
| 107 |
_cleanup_expired_sessions()
|
| 108 |
|
| 109 |
+
sid = request.headers.get("X-Session-Id") or session.get("sid")
|
| 110 |
if not sid or sid not in _SESSIONS:
|
| 111 |
sid = str(uuid.uuid4())
|
| 112 |
session["sid"] = sid
|