[Checkins] SVN: zope.session/branches/jim-dev/ checkpoint

Jim Fulton jim at zope.com
Fri Sep 12 09:46:35 EDT 2008 

Log message for revision 91083:
  checkpoint

Changed:
  U   zope.session/branches/jim-dev/buildout.cfg
  U   zope.session/branches/jim-dev/src/zope/session/http.py

-=-
Modified: zope.session/branches/jim-dev/buildout.cfg
===================================================================
--- zope.session/branches/jim-dev/buildout.cfg	2008-09-12 13:45:24 UTC (rev 91082)
+++ zope.session/branches/jim-dev/buildout.cfg	2008-09-12 13:46:35 UTC (rev 91083)
@@ -1,8 +1,12 @@
 [buildout]
 develop = . 
-parts = test
-find-links = http://download.zope.org/distribution/
+parts = test py
 
 [test]
 recipe = zc.recipe.testrunner
 eggs = zope.session [test]
+
+[py]
+recipe = zc.recipe.egg
+eggs = zope.session
+interpreter = py

Modified: zope.session/branches/jim-dev/src/zope/session/http.py
===================================================================
--- zope.session/branches/jim-dev/src/zope/session/http.py	2008-09-12 13:45:24 UTC (rev 91082)
+++ zope.session/branches/jim-dev/src/zope/session/http.py	2008-09-12 13:46:35 UTC (rev 91083)
@@ -92,6 +92,11 @@
             default=False,
             )
 
+    secure = schema.Bool(
+        title=_('Request Secure communication'),
+        required=False,
+        default=False,
+        )
 
 class CookieClientIdManager(zope.location.Location, Persistent):
     """Session utility implemented using cookies."""
@@ -100,6 +105,7 @@
 
     thirdparty = FieldProperty(ICookieClientIdManager['thirdparty'])
     cookieLifetime = FieldProperty(ICookieClientIdManager['cookieLifetime'])
+    secure = FieldProperty(ICookieClientIdManager['secure'])
 
     def __init__(self):
         self.namespace = "zope3_cs_%x" % (int(time.time()) - 1000000000)
@@ -158,8 +164,10 @@
                 raise MissingClientIdException
             else:
                 sid = self.generateUniqueId()
-
-        if not self.thirdparty:
+                self.setRequestId(request, sid)
+        elif (not self.thirdparty) and self.cookieLifetime:
+            # If we have a finite cookie lifetime, then set the cookie
+            # on each request to avoid losing it.
             self.setRequestId(request, sid)
 
         return sid
@@ -242,9 +250,12 @@
         if self.thirdparty:
             return sid
         else:
-            # If there is an id set on the response, use that but don't trust it.
-            # We need to check the response in case there has already been a new
-            # session created during the course of this request.
+            
+            # If there is an id set on the response, use that but
+            # don't trust it.  We need to check the response in case
+            # there has already been a new session created during the
+            # course of this request.
+
             if sid is None or len(sid) != 54:
                 return None
             s, mac = sid[:27], sid[27:]
@@ -261,7 +272,7 @@
 
         See the examples in getRequestId.
 
-        Note that the id is checkec for validity. Setting an
+        Note that the id is checked for validity. Setting an
         invalid value is silently ignored:
 
             >>> from zope.publisher.http import HTTPRequest
@@ -277,9 +288,6 @@
             >>> cookie['path'] == request.getApplicationURL(path_only=True)
             True
 
-        In the future, it should be the site containing the
-        CookieClientIdManager
-
         By default, session cookies don't expire:
 
             >>> cookie.has_key('expires')
@@ -313,6 +321,20 @@
           >>> bim.setRequestId(request, '1234')
           >>> cookie = request.response.getCookie(bim.namespace)
           >>> cookie
+
+        If the secure attribute is set to a true value, then the
+        secure cookie option is included.
+        
+          >>> bim.thirdparty = False
+          >>> bim.cookieLifetime = None
+          >>> request = HTTPRequest(StringIO(''), {}, None)
+          >>> bim.secure = True
+          >>> bim.setRequestId(request, '1234')
+          >>> print request.response.getCookie(bim.namespace)
+          {'path': '/', 'secure': True, 'value': '1234'}
+
+          
+
         """
         # TODO: Currently, the path is the ApplicationURL. This is reasonable,
         #     and will be adequate for most purposes.
@@ -327,21 +349,23 @@
             logger.warning('ClientIdManager is using thirdparty cookies, '
                 'ignoring setIdRequest call')
         else:
+            options = {}
             if self.cookieLifetime is not None:
                 if self.cookieLifetime:
                     expires = build_http_date(time.time() + self.cookieLifetime)
                 else:
                     expires = 'Tue, 19 Jan 2038 00:00:00 GMT'
-                request.response.setCookie(
-                        self.namespace, id, expires=expires,
-                        path=request.getApplicationURL(path_only=True)
-                        )
-            else:
-                request.response.setCookie(
-                        self.namespace, id,
-                        path=request.getApplicationURL(path_only=True)
-                        )
 
+                options['expires'] = expires
+
+            if self.secure:
+                options['secure'] = True
+
+            request.response.setCookie(
+                self.namespace, id,
+                path=request.getApplicationURL(path_only=True),
+                **options)
+
 def notifyVirtualHostChanged(event):
     """Adjust cookie paths when IVirtualHostRequest information changes.

More information about the Checkins mailing list