pallets-eco · idoshr · Apr 25, 2024 · Aug 9, 2024 · Aug 13, 2024 · Aug 13, 2024
diff --git a/src/flask_session/base.py b/src/flask_session/base.py
@@ -194,7 +194,10 @@ def __init__(
 
     def _generate_sid(self, session_id_length: int) -> str:
         """Generate a random session id."""
-        return secrets.token_urlsafe(session_id_length)
+        new_sid = secrets.token_urlsafe(session_id_length)
+        if self._retrieve_session_data(new_sid):
+            raise RuntimeError("Session ID already exists in the database.")
+        return new_sid
 
     # TODO: Remove in 1.0.0
     def _get_signer(self, app: Flask) -> Signer:

diff --git a/src/flask_session/dynamodb/dynamodb.py b/src/flask_session/dynamodb/dynamodb.py
@@ -143,11 +143,14 @@ def _create_table(self):
 
     def _retrieve_session_data(self, store_id: str) -> Optional[dict]:
         # Get the saved session (document) from the database
-        document = self.store.get_item(Key={"id": store_id}).get("Item")
-        session_is_not_expired = Decimal(datetime.utcnow().timestamp()) <= document.get(
+        try:
+            document = self.store.get_item(Key={"id": store_id}).get("Item")
+        except self.client.meta.client.exceptions.ResourceNotFoundException:
+            return None
+
+        if document and Decimal(datetime.utcnow().timestamp()) <= document.get(
             "expiration"
-        )
-        if document and session_is_not_expired:
+        ):
             serialized_session_data = want_bytes(document.get("val").value)
             return self.serializer.loads(serialized_session_data)
         return None