> Would expire_after on the unsign just automatically imply
> timestamp=True? There's been a lot of concern raised about parity in
> the API, and it reads a little weird with the two different arguments.
> I'm not sure it's a problem, but it's just a little funny.
Regarding parity, let me advertise a Signer object again:

    signer = signed.Signer(
        key=settings.SECRET_KEY,
        expire_after=3600
    )

    s = signer.sign(v)
    v = signer.unsign(s)

    signer.set_cookie(response, name, value)
    signer.get_cookie(request, name)
    # or:
    signer.get_cookies(request)[name]

    # transparently sign cookies set via response.set_cookie()
    # and unsign cookies in request.COOKIES in place:
    @signer.sign_cookies
    def view0(request):
        ...

    @signer.sign_cookies('cookie', 'names')
    def view1(request):
        ...

This would make more options and customization feasible (by subclassing):

- put signatures in separate cookies (or a single separate cookie)
- automatically include request.user.id (to prevent users from sharing cookies)
- swap out the hash, serialization, or compression algorithm without changing the token format
- customize when and how expiration is determined

__
Johannes
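
An added sketch, not code from the message above or from Django, of how a Signer configured once with a key and expire_after could work, with subclass hooks for the hash and for binding a user id into the signature. The token layout (value:timestamp:mac) and the names BadSignature, context() and UserBoundSigner are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import time


class BadSignature(Exception):
    """Token is malformed, tampered with, or expired."""


class Signer:
    digest = hashlib.sha256  # subclass hook: swap the hash

    def __init__(self, key, expire_after=None):
        self.key = key.encode()
        self.expire_after = expire_after  # seconds; None = no expiry

    def context(self):
        return ""  # subclass hook: data bound into the MAC, not stored

    def _mac(self, payload):
        msg = f"{self.context()}|{payload}".encode()
        raw = hmac.new(self.key, msg, self.digest).digest()
        return base64.urlsafe_b64encode(raw).rstrip(b"=")

    def sign(self, value, now=None):
        ts = int(time.time() if now is None else now)
        payload = f"{value}:{ts}"
        return f"{payload}:{self._mac(payload).decode()}"

    def unsign(self, token, now=None):
        payload, sep, sig = token.rpartition(":")
        # Check the MAC (constant time) before trusting any payload field.
        if not sep or not hmac.compare_digest(sig.encode(), self._mac(payload)):
            raise BadSignature("signature mismatch")
        value, _, ts = payload.rpartition(":")
        age = (time.time() if now is None else now) - int(ts)
        if self.expire_after is not None and age > self.expire_after:
            raise BadSignature("token expired")
        return value


class UserBoundSigner(Signer):
    def __init__(self, key, user_id, **kwargs):
        super().__init__(key, **kwargs)
        self.user_id = user_id

    def context(self):
        return f"user={self.user_id}"
```

Because the timestamp is always part of the signed payload, expiry is decided entirely by the signer's configuration at unsign time, and a token signed for one user id fails verification under another.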