#16182: TimestampSigner should use a more precise timestamp
-------------------------------------+-------------------------------------
Reporter: floguy | Owner: floguy
Type: Bug | Status: reopened
Milestone: | Component: Core (Other)
Version: SVN | Severity: Normal
Resolution: | Keywords:
Triage Stage: Design | Has patch: 1
decision needed | Needs tests: 0
Needs documentation: 0 | Easy pickings: 0
Patch needs improvement: 0 |
UI/UX: 0 |
-------------------------------------+-------------------------------------
Changes (by PaulM):
* status: closed => reopened
* needs_better_patch: 1 => 0
* resolution: fixed =>
* stage: Ready for checkin => Design decision needed
Comment:
I see this is already committed, but I'd like to raise an objection
anyway. The timestamp signer was deliberately only using second-level
precision. Multiplying by 10,000 significantly increases the length of our
sig that we're storing in the already very limited 4095 bytes of the
cookie space. We don't want to take up another couple of those when a user
can be storing data there.
I'll go into more detail in #16199, but signed cookies like this don't
need this functionality for rotation. We're not invalidating any data on
the backend, and a previously signed cookie is still technically valid
until it expires even if we've rotated it on the user's end.
--
Ticket URL: <https://code.djangoproject.com/ticket/16182#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
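
The size cost raised in the comment above, as an added example that is not part of the original message and is not Django's own code. It assumes a value:timestamp:mac layout with a base62 timestamp and HMAC-SHA256; the key, value and clock reading are constructed.

```python
import base64, hashlib, hmac

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def b62_encode(n):
    """Base62-encode a non-negative integer (compact timestamp form)."""
    out = []
    while n:
        n, r = divmod(n, 62)
        out.append(ALPHABET[r])
    return "".join(reversed(out)) or ALPHABET[0]

def b62_decode(s):
    n = 0
    for ch in s:
        n = n * 62 + ALPHABET.index(ch)
    return n

def _mac(key, msg):
    digest = hmac.new(key, msg.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def sign(key, value, now, scale=1):
    """scale=1 stamps whole seconds; scale=10000 is the finer unit discussed."""
    stamped = f"{value}:{b62_encode(int(now * scale))}"
    return f"{stamped}:{_mac(key, stamped)}"

def unsign(key, signed, now, max_age, scale=1):
    """Check the MAC first, then the age; return the original value."""
    stamped, mac = signed.rsplit(":", 1)
    if not hmac.compare_digest(mac, _mac(key, stamped)):
        raise ValueError("bad signature")
    value, ts = stamped.rsplit(":", 1)
    if now - b62_decode(ts) / scale > max_age:
        raise ValueError("signature expired")
    return value

KEY = b"constructed-demo-key"   # constructed, not a real secret
NOW = 1307000000.1234           # constructed clock reading (June 2011)
coarse = sign(KEY, "session-data", NOW)             # second precision
fine = sign(KEY, "session-data", NOW, scale=10000)  # seconds * 10,000
rotated = sign(KEY, "session-data", NOW + 30)       # re-issued later

if __name__ == "__main__":
    print(len(coarse), len(fine))  # extra bytes taken from the cookie budget
    # The earlier cookie still verifies after rotation, until max_age passes.
    print(unsign(KEY, coarse, NOW + 31, 60), unsign(KEY, rotated, NOW + 31, 60))
```
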