yes, here is a sample controller
KEY='my secret key'
import hmac
def filter_cookies(x):
for key,morsel in request.cookies.items():
if key[:11]=='session_id_':continue
if morsel.value.find(':')<0:
del request.cookies[key]
continue
digest,value=morsel.value.split(':',1)
if hmac.new(KEY,value).hexdigest()==digest:
request.cookies[key]=value
else: del request.cookies[key]
print request.cookies
r=x()
for key,morsel in response.cookies.items():
if key[:11]=='session_id_':continue
digest=hmac.new(KEY,morsel.value).hexdigest()
response.cookies[key]='%s:%s' % (digest,morsel.value)
print response.cookies
return r
response._caller=filter_cookies
def index():
c=int(request.cookies['counter'].value) if
request.cookies.has_key('counter\
') else 0
c+=1
response.cookies['counter']=str(c)
return dict(message='cookie: %i'%c)
Mind that session cookies are not signed because a) they are parsed
before this code is executed and they are set after the code is
executed. b) they do not need to be parsed because they only contain a
uuid. Breaking the uuid is as difficult as breaking the signature.
You could also use a wsgi module to achieve the same. In that case all
cookies would be signed.
Massimo
On Oct 21, 9:53 am, pigmej <[EMAIL PROTECTED]> wrote:
> Is there any way to use signed cookies ?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
