>> Baseconv is a clever bit of work. It should probably be using our full >> base64 charset. We could also shave some digits in the time-limited >> output there by subtracting from a more recent fixed value than the >> unix epoch, the way the password reset token code does. > > The TimeStampSigner requires the seconds to correct determine whether the > signature is still valid, so I'm not sure if that's a good idea. If you > have an idea to have both thing, I'd appreciate any help.
If we subtract 1e9 from our timestamp, we get a 5 digit timestamp rather than 6 for the next 19 years. If we add - and _ to our allowed characterset, we extend that to 24 years. int(time.time()) == 1305761382 base62.encode(1305761382) == '1QMqBS' base62.encode(1305761382) == 'KgwVC' Shaving 1 character seems like an overoptimization, except that we're talking about storing values in cookies, where space is already very limited. I'll see if I can find you on IRC to discuss the salting. -Paul -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
