[Checkins] SVN: zope.session/branches/jim-dev/src/zope/session/http.py checkpoint
Jim Fulton
jim at zope.com
Fri Sep 12 11:26:16 EDT 2008
Log message for revision 91091:
checkpoint
Changed:
U zope.session/branches/jim-dev/src/zope/session/http.py
-=-
Modified: zope.session/branches/jim-dev/src/zope/session/http.py
===================================================================
--- zope.session/branches/jim-dev/src/zope/session/http.py 2008-09-12 14:43:51 UTC (rev 91090)
+++ zope.session/branches/jim-dev/src/zope/session/http.py 2008-09-12 15:26:16 UTC (rev 91091)
@@ -142,6 +142,23 @@
>>> type(id) == type('')
True
+ We don't set the client id unless we need to, so, for example,
+ the second response doesn't have cookies set:
+
+ >>> request2.response._cookies
+ {}
+
+ An exception to this is if the cookieLifetime is set to a
+ non-zero integer value, in which case we do set it on every
+ request, regardless of when it was last set:
+
+ >>> bim.cookieLifetime = 3600 # one hour
+ >>> id == bim.getClientId(request2)
+ True
+
+ >>> bool(request2.response._cookies)
+ True
+
It's also possible to use third-party cookies. E.g. Apache `mod_uid`
or Nginx `ngx_http_userid_module` are able to issue user tracking
cookies in front of Zope. In case thirdparty is activated Zope may
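Review bot: The added examples read `request2.response._cookies`, a private attribute of the response, so the doctest is tied to how the response stores cookies internally. `request2.response.getCookie(bim.namespace)`, which a later docstring in this file already uses, would check the same thing through the public API. The example also assigns `bim.cookieLifetime = 3600` and never restores it, so the third-party-cookie examples that follow (they continue outside this hunk) may run with a lifetime set unless they build a fresh manager. It may be worth adding a sentence that re-sending the cookie on every request keeps extending the expiry of the same client id for as long as the client stays active.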
@@ -333,8 +350,17 @@
>>> print request.response.getCookie(bim.namespace)
{'path': '/', 'secure': True, 'value': '1234'}
-
+ When the cookie is set, cache headers are added to the
+ response to try to prevent the cookie header from being cached:
+
+ >>> request.response.getHeader('Cache-Control')
+ 'no-cache="Set-Cookie,Set-Cookie2"'
+ >>> request.response.getHeader('Pragma')
+ 'no-cache'
+ >>> request.response.getHeader('Expires')
+ 'Mon, 26 Jul 1997 05:00:00 GMT'
+
"""
# TODO: Currently, the path is the ApplicationURL. This is reasonable,
# and will be adequate for most purposes.
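Review bot: The new paragraph says the headers "try to prevent the cookie header from being cached" without naming the risk, so a reader cannot tell why these three values are pinned. I would add a sentence such as `A shared cache that stored the Set-Cookie header could hand one client's id to another client.` It could also say that `Pragma` and the past `Expires` date are there for HTTP/1.0 caches, which is presumably the intent. The docstring starts before this hunk and the TODO comment continues after it.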
@@ -348,24 +374,30 @@
if self.thirdparty:
logger.warning('ClientIdManager is using thirdparty cookies, '
'ignoring setIdRequest call')
- else:
- options = {}
- if self.cookieLifetime is not None:
- if self.cookieLifetime:
- expires = build_http_date(time.time() + self.cookieLifetime)
- else:
- expires = 'Tue, 19 Jan 2038 00:00:00 GMT'
+ return
- options['expires'] = expires
+ response = request.response
+ options = {}
+ if self.cookieLifetime is not None:
+ if self.cookieLifetime:
+ expires = build_http_date(time.time() + self.cookieLifetime)
+ else:
+ expires = 'Tue, 19 Jan 2038 00:00:00 GMT'
- if self.secure:
- options['secure'] = True
+ options['expires'] = expires
- request.response.setCookie(
- self.namespace, id,
- path=request.getApplicationURL(path_only=True),
- **options)
+ if self.secure:
+ options['secure'] = True
+ response.setCookie(
+ self.namespace, id,
+ path=request.getApplicationURL(path_only=True),
+ **options)
+
+ response.setHeader('Cache-Control', 'no-cache="Set-Cookie,Set-Cookie2"')
+ response.setHeader('Pragma', 'no-cache')
+ response.setHeader('Expires', 'Mon, 26 Jul 1997 05:00:00 GMT')
+
def notifyVirtualHostChanged(event):
"""Adjust cookie paths when IVirtualHostRequest information changes.
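Review bot: The three `response.setHeader(...)` calls added after `setCookie` presumably replace whatever `Cache-Control`, `Pragma` and `Expires` the application has already put on the response (setHeader's merge behaviour is not visible here), so a stricter value such as `private` or `no-store` would be silently downgraded to the field-qualified `no-cache="Set-Cookie,Set-Cookie2"`. Caches do not treat the qualified form uniformly, so for a session identifier I would merge rather than overwrite, e.g. `cc = response.getHeader('Cache-Control')` followed by `response.setHeader('Cache-Control', ', '.join(filter(None, [cc, 'no-cache="Set-Cookie,Set-Cookie2"'])))`. The doctest in the first hunk shows the cookie being re-sent on every request when `cookieLifetime` is non-zero, so these headers also make every response in that configuration expire immediately, which deserves a comment. The method's `def` line is outside the hunk.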