- 8 commits
- 4 files changed
- 0 commit comments
- 2 contributors
Showing
with
24 additions
and 5 deletions.
- +3 −1 CONTRIBUTORS.txt
- +16 −0 pyramid/session.py
- +4 −3 pyramid/tests/test_session.py
- +1 −1 setup.py
| @@ -319,4 +319,6 @@ Contributors | ||
| - Hunter Senft-Grupp, 2018/05/14 | ||
| - Junhak Lee, 2018/05/14 | ||
| - Junhak Lee, 2018/05/14 | ||
| - Alex Gaynor, 2018/05/24 | ||
| @@ -135,6 +135,7 @@ def BaseCookieSessionFactory( | ||
| domain=None, | ||
| secure=False, | ||
| httponly=False, | ||
| samesite='Lax', | ||
| timeout=1200, | ||
| reissue_time=0, | ||
| set_on_exception=True, | ||
| @@ -187,6 +188,9 @@ def BaseCookieSessionFactory( | ||
| Hide the cookie from Javascript by setting the 'HttpOnly' flag of the | ||
| session cookie. Default: ``False``. | ||
| ``samesite`` | ||
| The 'samesite' option of the session cookie. Default ``'Lax'``. | ||
| ``timeout`` | ||
| A number of seconds of inactivity before a session times out. If | ||
| ``None`` then the cookie never expires. This lifetime only applies | ||
| @@ -229,6 +233,7 @@ class CookieSession(dict): | ||
| _cookie_domain = domain | ||
| _cookie_secure = secure | ||
| _cookie_httponly = httponly | ||
| _cookie_samesite = samesite | ||
| _cookie_on_exception = set_on_exception | ||
| _timeout = timeout if timeout is None else int(timeout) | ||
| _reissue_time = reissue_time if reissue_time is None else int(reissue_time) | ||
| @@ -367,6 +372,7 @@ def _set_cookie(self, response): | ||
| domain=self._cookie_domain, | ||
| secure=self._cookie_secure, | ||
| httponly=self._cookie_httponly, | ||
| samesite=self._cookie_samesite, | ||
| ) | ||
| return True | ||
| @@ -382,6 +388,7 @@ def UnencryptedCookieSessionFactoryConfig( | ||
| cookie_domain=None, | ||
| cookie_secure=False, | ||
| cookie_httponly=False, | ||
| cookie_samesite='Lax', | ||
| cookie_on_exception=True, | ||
| signed_serialize=signed_serialize, | ||
| signed_deserialize=signed_deserialize, | ||
| @@ -434,6 +441,9 @@ def UnencryptedCookieSessionFactoryConfig( | ||
| ``cookie_httponly`` | ||
| The 'httpOnly' flag of the session cookie. | ||
| ``cookie_samesite`` | ||
| The 'samesite' option of the session cookie. Default: ``'Lax'``. | ||
| ``cookie_on_exception`` | ||
| If ``True``, set a session cookie even if an exception occurs | ||
| while rendering a view. | ||
| @@ -469,6 +479,7 @@ def dumps(self, appstruct): | ||
| domain=cookie_domain, | ||
| secure=cookie_secure, | ||
| httponly=cookie_httponly, | ||
| samesite=cookie_samesite, | ||
| timeout=timeout, | ||
| reissue_time=0, # to keep session.accessed == session.renewed | ||
| set_on_exception=cookie_on_exception, | ||
| @@ -491,6 +502,7 @@ def SignedCookieSessionFactory( | ||
| domain=None, | ||
| secure=False, | ||
| httponly=False, | ||
| samesite='Lax', | ||
| set_on_exception=True, | ||
| timeout=1200, | ||
| reissue_time=0, | ||
| @@ -553,6 +565,9 @@ def SignedCookieSessionFactory( | ||
| Hide the cookie from Javascript by setting the 'HttpOnly' flag of the | ||
| session cookie. Default: ``False``. | ||
| ``samesite`` | ||
| The 'samesite' option of the session cookie. Default: ``'Lax'``. | ||
| ``timeout`` | ||
| A number of seconds of inactivity before a session times out. If | ||
| ``None`` then the cookie never expires. This lifetime only applies | ||
| @@ -608,6 +623,7 @@ def SignedCookieSessionFactory( | ||
| domain=domain, | ||
| secure=secure, | ||
| httponly=httponly, | ||
| samesite=samesite, | ||
| timeout=timeout, | ||
| reissue_time=reissue_time, | ||
| set_on_exception=set_on_exception, | ||
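Review bot: The ``samesite`` docstring entries added in the three factories (e.g. the one under ``BaseCookieSessionFactory``) say only "The 'samesite' option of the session cookie. Default ``'Lax'``." and leave out both the accepted values and what the flag actually buys, which is the security-relevant half of this change; I would replace each with `The 'SameSite' attribute of the session cookie: ``'Strict'``, ``'Lax'``, or ``None`` to omit the attribute. Default: ``'Lax'``.` followed by a sentence noting that ``'Lax'`` keeps the session cookie off cross-site subresource and POST requests but still sends it on top-level cross-site GET navigations, so it supplements rather than replaces a CSRF token check. The value is handed straight to ``response.set_cookie`` in ``_set_cookie`` with no local validation, so a misspelt value such as ``'lax'`` is caught only if webob rejects it — presumably the webob >= 1.8.2 floor raised in setup.py does, but that is worth confirming rather than assumed. Each of the enclosing factories and ``_set_cookie`` begins and ends outside the visible hunks.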
| @@ -145,13 +145,14 @@ def test__set_cookie_options(self): | ||
| response = Response() | ||
| self.assertEqual(session._set_cookie(response), True) | ||
| cookieval = response.headerlist[-1][1] | ||
| val, domain, path, secure, httponly = [x.strip() for x in | ||
| cookieval.split(';')] | ||
| val, domain, path, secure, httponly, samesite = [x.strip() for x in | ||
| cookieval.split(';')] | ||
| self.assertTrue(val.startswith('abc=')) | ||
| self.assertEqual(domain, 'Domain=localhost') | ||
| self.assertEqual(path, 'Path=/foo') | ||
| self.assertEqual(secure, 'secure') | ||
| self.assertEqual(httponly, 'HttpOnly') | ||
| self.assertEqual(samesite, 'SameSite=Lax') | ||
| def test_flash_default(self): | ||
| request = testing.DummyRequest() | ||
| @@ -503,7 +504,7 @@ def test_serialize_option(self): | ||
| expected_cookieval = dummy_signed_serialize( | ||
| (session.accessed, session.created, {'key': 'value'}), secret) | ||
| response = Response() | ||
| response.set_cookie('session', expected_cookieval) | ||
| response.set_cookie('session', expected_cookieval, samesite='Lax') | ||
| expected_cookie = response.headerlist[-1][1] | ||
| self.assertEqual(cookie, expected_cookie) | ||
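Review bot: The updated assertions only pin the new default (`self.assertEqual(samesite, 'SameSite=Lax')`); nothing exercises `samesite=None`, which the factories now accept and which should leave the attribute off the Set-Cookie header entirely, nor `'Strict'`, so a regression that always emitted `Lax` would pass. I would add a sibling test that builds the session with `samesite=None` and asserts `'SameSite' not in cookieval`, and one with `samesite='Strict'` asserting the trailing attribute is `SameSite=Strict`. The hand-rolled parse at `val, domain, path, secure, httponly, samesite = [x.strip() for x in cookieval.split(';')]` also depends on webob's attribute order and count, so any future attribute fails with an unpack error rather than a meaningful assertion; comparing against a set of the split attributes would be more robust. `test__set_cookie_options` starts before this hunk, so the session fixture it uses is not visible here.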
| @@ -29,7 +29,7 @@ def readfile(name): | ||
| 'setuptools', | ||
| 'translationstring >= 0.4', # py3 compat | ||
| 'venusian >= 1.0', # ``ignore`` | ||
| 'webob >= 1.8.0', # acceptparse.create_accept_header | ||
| 'webob >= 1.8.2', # cookies.make_cookie allows non-bytes samesite | ||
| 'zope.deprecation >= 3.5.0', # py3 compat | ||
| 'zope.interface >= 3.8.0', # has zope.interface.registry | ||
| ] | ||