Wow. This looks great. I wish I knew about it sooner. Digging into the code, there was a PR to split things out and support JSON serialization – however there are no unit tests covering this or docs for it. @Delta do you know of any public examples of this usage? If so I'd be happy to play around with it and generate a PR for unit tests.
I often manually generate and read encrypted cookies, which can be a chore. This would be incredibly useful to me in a few projects.

On Thursday, November 30, 2023 at 2:48:03 PM UTC-5 Delta Regeer wrote:

> Use https://docs.pylonsproject.org/projects/pyramid-nacl-session/en/latest/usage.html
>
> It encrypts the session that is stored in the cookie with NACL. No longer is the content of the cookie something that an attacker can read/do anything with.
>
> On Nov 28, 2023, at 12:12, Scott Lawton <scott.s...@gmail.com> wrote:
>
> > Some followup:
> > - https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html has a big section in red: 'By default the SignedCookieSessionFactory() <https://docs.pylonsproject.org/projects/pyramid/en/latest/api/session.html#pyramid.session.SignedCookieSessionFactory> implementation contains the following security concerns:
> >
> > ... which seems to argue against session, but maybe doesn't apply to access/refresh tokens? And/or maybe setting the cookie like we do isn't any better?
> >
> > We also tried to follow https://docs.pylonsproject.org/projects/pyramid/en/latest/whatsnew-2.0.html#upgrading-auth-20
> >
> > ... but not sure we did so correctly. That's what we're looking for feedback!
> >
> > Scott

--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/b8039844-e54d-4b80-be42-ec56dca2e066n%40googlegroups.com.
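
The distinction this thread turns on, that a signed-only session cookie is tamper-evident but still readable by whoever holds it, shown as an added example (not code from the thread, Pyramid, or pyramid_nacl_session). The cookie layout, secret and token values are constructed, and the layout is a simplified stand-in rather than Pyramid's actual cookie format.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed value, not a real key


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode("ascii"))


def sign_session(session: dict, secret: bytes) -> str:
    """Serialize to JSON and append an HMAC tag: integrity only, no secrecy."""
    payload = json.dumps(session, sort_keys=True).encode("utf-8")
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)


def load_session(cookie: str, secret: bytes) -> dict:
    """Server side: check the tag in constant time before trusting the payload."""
    payload_b64, _, tag_b64 = cookie.partition(".")
    payload = unb64(payload_b64)
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, unb64(tag_b64)):
        raise ValueError("bad signature")
    return json.loads(payload)


def is_valid(cookie: str, secret: bytes) -> bool:
    try:
        load_session(cookie, secret)
        return True
    except ValueError:
        return False


def read_without_secret(cookie: str) -> dict:
    """What any holder of the cookie can do: decode the payload, no key needed."""
    return json.loads(unb64(cookie.split(".", 1)[0]))


def exposed_keys(cookie: str, sensitive=("access_token", "refresh_token")) -> list:
    """Audit helper: sensitive keys that a signed-only cookie leaves readable."""
    return sorted(k for k in read_without_secret(cookie) if k in sensitive)
```

Running `exposed_keys` over the cookies an application sets is a quick way to decide whether a value belongs in a signed-only session or needs an encrypted one.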