File python-cookiesession.spec of Package python-cookiesession
# norootforbuild
Name: python-cookiesession
Version: 0.1
Release: 1
Summary: A secure way to hold Django session data in cookies
License: Apache 2.0
Group: Development/Libraries/Python
Source: cookiesession-%{version}.tar.gz
URL: http://opensource.washingtontimes.com/projects/cookiesession
BuildRequires: python-devel, python-setuptools
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: python-django
%{py_requires}
%if %{?suse_version: %{suse_version} > 1110} %{!?suse_version:1}
BuildArch: noarch
%endif
%description
This package contains a drop-in replacement middleware for
django.contrib.sessions.middleware.SessionMiddleware to store all session data in
a browser cookie instead of the database. The code is based on a snippet from Christopher Lenz.
To prevent user tampering the session dictionary goes through the following encoding steps:
* The session dictionary is converted into json
* A sha1 hash is made with the json and the site's SECRET_KEY
* The json and sha1 hash are concatenated, gzipped and base64 encoded.
Upon decoding:
* The cookie is base64 decoded and ungzipped
* The data is split into the sha1 hash and the json data
* The sha1 hash is regenerated from the received json data and the site's SECRET_KEY
* If the hashes don't match, a SuspiciousOperation exception is raised. If the hashes match,
the json data is converted into a python object and returned.
Author:
--------
Justin Quick, The Washington Times <jquick@washingtontimes.com>
%prep
%setup -q -n cookiesession-%{version}
%build
%{__python} setup.py build
%install
%{__python} setup.py install --prefix=%{_prefix} --root=%{buildroot} --record-rpm=INSTALLED_FILES
%files -f INSTALLED_FILES
%defattr(-,root,root)