A secure way to hold Django session data in cookies
This package contains a drop-in replacement middleware for
django.contrib.sessions.middleware.SessionMiddleware to store all session data in
a browser cookie instead of the database. The code is based on a snippet from Christopher Lenz.
To prevent user tampering, the session dictionary goes through the following encoding steps:
* The session dictionary is converted into JSON
* A SHA-1 hash is made with the JSON and the site's SECRET_KEY
* The JSON and SHA-1 hash are concatenated, gzipped and base64 encoded.
Upon decoding:
* The cookie is base64 decoded and ungzipped
* The data is split into the SHA-1 hash and the JSON data
* The SHA-1 hash is regenerated from the received JSON data and the site's SECRET_KEY
* If the hashes don't match, a SuspiciousOperation exception is raised. If the hashes match,
the JSON data is converted into a Python object and returned.
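The round trip described above, as an added example that is not the package's own code. Assumptions: the page does not say how the JSON and SECRET_KEY are combined or in which order hash and JSON are concatenated, so this sketch uses HMAC-SHA1 with the hex digest placed first; SECRET_KEY is a constructed value, and SuspiciousOperation is a local stand-in so the block runs without Django.

```python
import base64, gzip, hashlib, hmac, json, zlib

SECRET_KEY = b"constructed-example-secret"   # stands in for settings.SECRET_KEY
DIGEST_LEN = hashlib.sha1().digest_size * 2  # SHA-1 hex digest: 40 characters


class SuspiciousOperation(Exception):
    """Local stand-in for django.core.exceptions.SuspiciousOperation."""


def _tag(payload: bytes, key: bytes) -> bytes:
    # Assumption: keyed hash computed as HMAC-SHA1 rather than sha1(json + key).
    return hmac.new(key, payload, hashlib.sha1).hexdigest().encode("ascii")


def encode_session(session: dict, key: bytes = SECRET_KEY) -> str:
    payload = json.dumps(session, sort_keys=True).encode("utf-8")
    blob = gzip.compress(_tag(payload, key) + payload)  # hash first (assumed order)
    return base64.b64encode(blob).decode("ascii")


def decode_session(cookie: str, key: bytes = SECRET_KEY) -> dict:
    try:
        raw = gzip.decompress(base64.b64decode(cookie, validate=True))
    except (ValueError, OSError, EOFError, zlib.error) as exc:
        raise SuspiciousOperation("malformed session cookie") from exc
    received, payload = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(received, _tag(payload, key)):
        raise SuspiciousOperation("session cookie failed integrity check")
    return json.loads(payload)


def tamper(cookie: str, **changes) -> str:
    """Edit the JSON without the key, keeping the old hash (the case to detect)."""
    raw = gzip.decompress(base64.b64decode(cookie))
    data = json.loads(raw[DIGEST_LEN:])
    data.update(changes)
    payload = json.dumps(data, sort_keys=True).encode("utf-8")
    return base64.b64encode(gzip.compress(raw[:DIGEST_LEN] + payload)).decode("ascii")


if __name__ == "__main__":
    cookie = encode_session({"user_id": 42, "is_staff": False})
    print(decode_session(cookie))
    try:
        decode_session(tamper(cookie, is_staff=True))
    except SuspiciousOperation as exc:
        print("rejected:", exc)
```

The scheme protects integrity only: gzip and base64 are encodings, so anyone holding the cookie can read the JSON, and nothing secret should be stored in the session.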
Author:
--------
Justin Quick, The Washington Times
- Links to devel:lan...hon:misc / python-cookiesession
- Checkout Package:
  osc -A https://api.opensuse.org checkout home:jayvdb:branches:devel:languages:python:misc/python-cookiesession && cd $_
Source Files
Filename | Size | Changed |
---|---|---|
cookiesession-0.1.tar.gz | 493 KB | |
python-cookiesession.changes | 163 Bytes | |
python-cookiesession.spec | 1.78 KB | |