[Checkins] SVN: zope.session/branches/jim-dev/ checkpoint
Jim Fulton
jim at zope.com
Fri Sep 12 09:46:35 EDT 2008
Log message for revision 91083:
checkpoint
Changed:
U zope.session/branches/jim-dev/buildout.cfg
U zope.session/branches/jim-dev/src/zope/session/http.py
-=-
Modified: zope.session/branches/jim-dev/buildout.cfg
===================================================================
--- zope.session/branches/jim-dev/buildout.cfg 2008-09-12 13:45:24 UTC (rev 91082)
+++ zope.session/branches/jim-dev/buildout.cfg 2008-09-12 13:46:35 UTC (rev 91083)
@@ -1,8 +1,12 @@
[buildout]
develop = .
-parts = test
-find-links = http://download.zope.org/distribution/
+parts = test py
[test]
recipe = zc.recipe.testrunner
eggs = zope.session [test]
+
+[py]
+recipe = zc.recipe.egg
+eggs = zope.session
+interpreter = py
Modified: zope.session/branches/jim-dev/src/zope/session/http.py
===================================================================
--- zope.session/branches/jim-dev/src/zope/session/http.py 2008-09-12 13:45:24 UTC (rev 91082)
+++ zope.session/branches/jim-dev/src/zope/session/http.py 2008-09-12 13:46:35 UTC (rev 91083)
@@ -92,6 +92,11 @@
default=False,
)
+ secure = schema.Bool(
+ title=_('Request Secure communication'),
+ required=False,
+ default=False,
+ )
class CookieClientIdManager(zope.location.Location, Persistent):
"""Session utility implemented using cookies."""
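Review bot: The new `secure` field in this hunk carries only the title 'Request Secure communication', which does not tell an administrator that it controls the Secure attribute of the session cookie. I would add a description, for example `description=_("Mark the session cookie Secure so that browsers send it only over HTTPS.")`. With `default=False` the client id still travels over plain HTTP unless someone opts in, and the same description is a good place to say so. The interface body starts outside the hunk, so whether the neighbouring fields carry descriptions cannot be checked from here.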
@@ -100,6 +105,7 @@
thirdparty = FieldProperty(ICookieClientIdManager['thirdparty'])
cookieLifetime = FieldProperty(ICookieClientIdManager['cookieLifetime'])
+ secure = FieldProperty(ICookieClientIdManager['secure'])
def __init__(self):
self.namespace = "zope3_cs_%x" % (int(time.time()) - 1000000000)
@@ -158,8 +164,10 @@
raise MissingClientIdException
else:
sid = self.generateUniqueId()
-
- if not self.thirdparty:
+ self.setRequestId(request, sid)
+ elif (not self.thirdparty) and self.cookieLifetime:
+ # If we have a finite cookie lifetime, then set the cookie
+ # on each request to avoid losing it.
self.setRequestId(request, sid)
return sid
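Review bot: The `elif (not self.thirdparty) and self.cookieLifetime:` branch is now the only place where an existing cookie is sent again, so a client whose cookie was issued before `secure` was switched on keeps a non-Secure cookie whenever `cookieLifetime` is `None` or `0`. For `0` the cookie carries the fixed 2038 expiry that setRequestId assigns, so it would apparently never be upgraded. Consider re-issuing when the flag is set as well, `elif (not self.thirdparty) and (self.cookieLifetime or self.secure):`, or state in a comment that enabling `secure` affects only newly issued ids. The method starts outside the hunk, so this assumes `sid` was read from the incoming request.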
@@ -242,9 +250,12 @@
if self.thirdparty:
return sid
else:
- # If there is an id set on the response, use that but don't trust it.
- # We need to check the response in case there has already been a new
- # session created during the course of this request.
+
+ # If there is an id set on the response, use that but
+ # don't trust it. We need to check the response in case
+ # there has already been a new session created during the
+ # course of this request.
+
if sid is None or len(sid) != 54:
return None
s, mac = sid[:27], sid[27:]
@@ -261,7 +272,7 @@
See the examples in getRequestId.
- Note that the id is checkec for validity. Setting an
+ Note that the id is checked for validity. Setting an
invalid value is silently ignored:
>>> from zope.publisher.http import HTTPRequest
@@ -277,9 +288,6 @@
>>> cookie['path'] == request.getApplicationURL(path_only=True)
True
- In the future, it should be the site containing the
- CookieClientIdManager
-
By default, session cookies don't expire:
>>> cookie.has_key('expires')
@@ -313,6 +321,20 @@
>>> bim.setRequestId(request, '1234')
>>> cookie = request.response.getCookie(bim.namespace)
>>> cookie
+
+ If the secure attribute is set to a true value, then the
+ secure cookie option is included.
+
+ >>> bim.thirdparty = False
+ >>> bim.cookieLifetime = None
+ >>> request = HTTPRequest(StringIO(''), {}, None)
+ >>> bim.secure = True
+ >>> bim.setRequestId(request, '1234')
+ >>> print request.response.getCookie(bim.namespace)
+ {'path': '/', 'secure': True, 'value': '1234'}
+
+
+
"""
# TODO: Currently, the path is the ApplicationURL. This is reasonable,
# and will be adequate for most purposes.
@@ -327,21 +349,23 @@
logger.warning('ClientIdManager is using thirdparty cookies, '
'ignoring setIdRequest call')
else:
+ options = {}
if self.cookieLifetime is not None:
if self.cookieLifetime:
expires = build_http_date(time.time() + self.cookieLifetime)
else:
expires = 'Tue, 19 Jan 2038 00:00:00 GMT'
- request.response.setCookie(
- self.namespace, id, expires=expires,
- path=request.getApplicationURL(path_only=True)
- )
- else:
- request.response.setCookie(
- self.namespace, id,
- path=request.getApplicationURL(path_only=True)
- )
+ options['expires'] = expires
+
+ if self.secure:
+ options['secure'] = True
+
+ request.response.setCookie(
+ self.namespace, id,
+ path=request.getApplicationURL(path_only=True),
+ **options)
+
def notifyVirtualHostChanged(event):
"""Adjust cookie paths when IVirtualHostRequest information changes.
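Review bot: `options['secure'] = True` is applied without regard to how the request arrived, so on a site reached over plain HTTP the browser will not send the cookie back and the hunk at `@@ -158,8` would appear to issue a fresh id on every request. That failure is silent. A comment above `if self.secure:` would save a debugging session, for example `# Secure cookies are only returned over HTTPS; enabling this on an HTTP-only site breaks sessions.`. The doctest added earlier in this diff exercises `secure = True` only, so a matching check that the key is absent when the flag is false would pin the default.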