Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

add note about non-bw-compat between SignedCookieSessionFactory and U…

…nencryptedCookieSessionFactory. Ref #1200.
  • Loading branch information...
commit ab579e223f7a719acd4dd2c5ddeeb70953bec0e7 1 parent 767e44f
@mcdonc mcdonc authored
Showing with 15 additions and 6 deletions.
  1. +7 −5 CHANGES.txt
  2. +8 −1 pyramid/session.py
View
12 CHANGES.txt
@@ -35,11 +35,13 @@ Features
See https://github.com/Pylons/pyramid/pull/1149
- Added a new ``SignedCookieSessionFactory`` which is very similar to the
- ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on
- signing content. The custom serializer arguments to this function should
- only focus on serializing, unlike its predecessor which required the
- serializer to also perform signing.
- See https://github.com/Pylons/pyramid/pull/1142
+ ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing
+ content. The custom serializer arguments to this function should only focus
+ on serializing, unlike its predecessor which required the serializer to also
+ perform signing. See https://github.com/Pylons/pyramid/pull/1142 . Note
+ that cookies generated using ``SignedCookieSessionFactory`` are not
+ compatible with cookies generated using ``UnencryptedCookieSessionFactory``,
+ so existing user session data will be destroyed if you switch to it.
- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie
factory that can be used by framework implementors to create their own
View
9 pyramid/session.py
@@ -382,6 +382,10 @@ def UnencryptedCookieSessionFactoryConfig(
"""
.. deprecated:: 1.5
Use :func:`pyramid.session.SignedCookieSessionFactory` instead.
+ Caveat: Cookies generated using ``SignedCookieSessionFactory`` are not
+ compatible with cookies generated using
+ ``UnencryptedCookieSessionFactory``, so existing user session data will
+ be destroyed if you switch to it.
Configure a :term:`session factory` which will provide unencrypted
(but signed) cookie-based sessions. The return value of this
@@ -466,7 +470,10 @@ def dumps(self, appstruct):
deprecated(
'UnencryptedCookieSessionFactoryConfig',
'The UnencryptedCookieSessionFactoryConfig callable is deprecated as of '
- 'Pyramid 1.5. Use ``pyramid.session.SignedCookieSessionFactory`` instead.'
+ 'Pyramid 1.5. Use ``pyramid.session.SignedCookieSessionFactory`` instead. '
+ 'Caveat: Cookies generated using SignedCookieSessionFactory are not '
+ 'compatible with cookies generated using UnencryptedCookieSessionFactory, '
+ 'so existing user session data will be destroyed if you switch to it.'
)
def SignedCookieSessionFactory(
Please sign in to comment.
Something went wrong with that request. Please try again.