
update docs and demo to highlight a "gotcha" - don't dynamically generate your secret key or existing sessions will be invalidated every time your app runs!
1 parent ad45c8e commit c51184db95d6e97305faed0aae7f3d3fc4b1242b @dound committed Jul 10, 2010
Showing with 12 additions and 1 deletion.
  1. +4 −0 demo-with-google-logins/appengine_config.py
  2. +4 −0 demo/appengine_config.py
  3. +4 −1 gaesessions/__init__.py
@@ -1,6 +1,10 @@
from gaesessions import SessionMiddleware
# suggestion: generate your own random key using os.urandom(64)
+# WARNING: Make sure you run os.urandom(64) OFFLINE and copy/paste the output to
+# this file. If you use os.urandom() to *dynamically* generate your key at
+# runtime then any existing sessions will become junk every time you start,
+# deploy, or update your app!
import os
COOKIE_KEY = 'do not use this key'
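Review bot: The added warning covers runtime key generation but says nothing about the placeholder that follows it, `COOKIE_KEY = 'do not use this key'`, which still works as a key if the demo is deployed unchanged and is readable by anyone who has the source. Consider extending the comment to say the placeholder must be replaced before deploying, or have the demo refuse to start while the value is still the placeholder string.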
@@ -1,6 +1,10 @@
from gaesessions import SessionMiddleware
# suggestion: generate your own random key using os.urandom(64)
+# WARNING: Make sure you run os.urandom(64) OFFLINE and copy/paste the output to
+# this file. If you use os.urandom() to *dynamically* generate your key at
+# runtime then any existing sessions will become junk every time you start,
+# deploy, or update your app!
import os
COOKIE_KEY = 'do not use this key'
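Review bot: "OFFLINE" in the first added line can be read as "disconnected from the network", when the point is "once, ahead of time, not in code that runs when the app starts". Suggest wording along the lines of "run os.urandom(64) once in an interactive interpreter and paste the resulting string literal here" so the instruction is unambiguous; the same change applies to the identical comment in the other demo config.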
@@ -386,7 +386,10 @@ class SessionMiddleware(object):
``cookie_key`` - A key used to secure cookies so users cannot modify their
content. Keys should be at least 32 bytes (RFC2104). Tip: generate your
- key using ``os.urandom(64)``.
+ key using ``os.urandom(64)`` but do this OFFLINE and copy/paste the output
+ into a string which you pass in as ``cookie_key``. If you use ``os.urandom()``
+ to dynamically generate your key at runtime then any existing sessions will
+ become junk every time your app starts up!
``lifetime`` - ``datetime.timedelta`` that specifies how long a session may last. Defaults to 7 days.
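Review bot: The docstring says sessions become junk "every time your app starts up", while the config comments in this same commit say "every time you start, deploy, or update your app"; use one wording in both places. It would also help to state the underlying requirement directly (the same ``cookie_key`` value must be passed on every run for existing session cookies to stay valid) and to note that the output of ``os.urandom(64)`` is binary, so "copy/paste the output into a string" should say to paste it as an escaped string literal.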
