From: Simon Willison <si...@simonwillison.net>
Date: Fri, 25 Sep 2009 06:26:36 -0700 (PDT)
Local: Fri, Sep 25 2009 9:26 am
Subject: Re: Adding signing (and signed cookies) to Django core
On Sep 25, 1:57 pm, Marty Alchin <gulop...@gmail.com> wrote:
> I wish there was
> a way to sign the expiration as well, so people couldn't artificially
> extend the life of the cookie, but since that doesn't come back in the
> request, there'd be no way to validate it.

We can do that by baking the timestamp the cookie was set into the
signed cookie value, then doing our own check against that and
discarding the cookie if it's expired.

This pattern (signatures that expire) is common enough that I think it
would be worth supporting in the low level django.utils.signed module -
I've used timestamped signatures for things like "recover your account"
links that expire 24 hours after being requested.

The API would look something like this:

>>> s = signed.sign('value', timestamp=True)
>>> v = signed.unsign(s, expire_after=24 * 60 * 60)

A SignatureExpired exception would be raised if the signature was
older than the expire_after argument (SignatureExpired would subclass
BadSignature)

Cheers,
Simon
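
A minimal sketch of the timestamped-signature pattern described in the message above, added here as an example; it is not code from the post or from Django. The `sign`/`unsign` names and the `timestamp`/`expire_after` arguments follow the API proposed in the message; the HMAC-SHA256 construction, the domain tags, the `key` and `now` parameters and the demo key are assumptions.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: stand-in for the site's secret

class BadSignature(Exception):
    """Signature is missing or does not match."""

class SignatureExpired(BadSignature):
    """Signature matches but is older than expire_after."""

def _mac(tag, payload, key):
    # The tag separates timestamped from plain signatures, so a plain
    # signature over "x:123" can never be replayed as value "x" set at time 123.
    digest = hmac.new(key, (tag + payload).encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def sign(value, timestamp=False, key=SECRET_KEY, now=None):
    if not timestamp:
        return f"{value}:{_mac('v|', value, key)}"
    # The issue time is appended before the MAC is computed, so it is covered
    # by the signature and the client cannot alter it.
    payload = f"{value}:{int(time.time() if now is None else now)}"
    return f"{payload}:{_mac('t|', payload, key)}"

def unsign(signed_value, expire_after=None, key=SECRET_KEY, now=None):
    payload, sep, sig = signed_value.rpartition(":")
    tag = "v|" if expire_after is None else "t|"
    expected = _mac(tag, payload, key)
    # Constant-time comparison; verify the MAC before parsing anything.
    if not sep or not hmac.compare_digest(sig.encode(), expected.encode()):
        raise BadSignature("signature does not match")
    if expire_after is None:
        return payload
    value, _, issued = payload.rpartition(":")
    age = (time.time() if now is None else now) - int(issued)
    if age > expire_after:
        raise SignatureExpired(f"signature is {age:.0f}s old, limit {expire_after}s")
    return value
```

The expiry enforced here comes from the signed issue time checked on the server, not from the cookie's own expiry attribute, which the client controls and does not send back.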