From 01583a3f8c5946ec4c7321acf192c595345e489b Mon Sep 17 00:00:00 2001 From: Joshua Parkin Date: Wed, 17 Jul 2024 14:49:00 +0100 Subject: [PATCH] fix: use unique variable name when clearing old state data to avoid setting state data to incorrect session key --- authlib/integrations/starlette_client/integration.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/authlib/integrations/starlette_client/integration.py b/authlib/integrations/starlette_client/integration.py index b6f68d2f..a92c8e3f 100644 --- a/authlib/integrations/starlette_client/integration.py +++ b/authlib/integrations/starlette_client/integration.py @@ -40,9 +40,9 @@ async def set_state_data(self, session: Optional[Dict[str, Any]], state: str, da await self.cache.set(key, json.dumps({'data': data}), self.expires_in) elif session is not None: # clear old state data to avoid session size growing - for key in list(session.keys()): - if key.startswith(key_prefix): - session.pop(key) + for old_key in list(session.keys()): + if old_key.startswith(key_prefix): + session.pop(old_key) now = time.time() session[key] = {'data': data, 'exp': now + self.expires_in}