From 6a60e531e14c2dc7a10c1b4c9aa10efe9f321c78 Mon Sep 17 00:00:00 2001
From: MinRK
Date: Tue, 28 May 2013 13:23:01 -0700
Subject: [PATCH 1/3] base default cookie name on request host+port instead of random. The random cookie name meant that every time you restarted the notebook it would get a new key in the cookie for the same host, resulting in an ever-growing cookie full of obsolete data.
---
 IPython/frontend/html/notebook/base/handlers.py | 5 ++++-
 IPython/frontend/html/notebook/notebookapp.py | 1 -
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/IPython/frontend/html/notebook/base/handlers.py b/IPython/frontend/html/notebook/base/handlers.py
index e317ebdb06f..5a4dcd398e6 100644
--- a/IPython/frontend/html/notebook/base/handlers.py
+++ b/IPython/frontend/html/notebook/base/handlers.py
@@ -147,7 +147,10 @@ def get_current_user(self):
 @property
 def cookie_name(self):
- return self.settings.get('cookie_name', '')
+ default_cookie_name = 'username-{host}'.format(
+ host=self.request.host,
+ ).replace(':', '-')
+ return self.settings.get('cookie_name', default_cookie_name)
 @property
 def password(self):
diff --git a/IPython/frontend/html/notebook/notebookapp.py b/IPython/frontend/html/notebook/notebookapp.py
index 9a0cbfe9842..7ba5210422a 100644
--- a/IPython/frontend/html/notebook/notebookapp.py
+++ b/IPython/frontend/html/notebook/notebookapp.py
@@ -166,7 +166,6 @@ def init_settings(self, ipython_app, kernel_manager, notebook_manager,
 # authentication
 cookie_secret=os.urandom(1024),
 login_url=url_path_join(base_project_url,'/login'),
- cookie_name='username-%s' % uuid.uuid4(),
 read_only=ipython_app.read_only,
 password=ipython_app.password,
From 91776b1d6b52f9d5d0409590cb03e439dd1cb749 Mon Sep 17 00:00:00 2001
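Review bot: The default name built in `cookie_name` (handlers.py hunk) comes from `self.request.host`, which is taken from the client-supplied Host header, and only `:` is replaced. A host such as an IPv6 literal (`[::1]:8888`) leaves `[` and `]` in the name, which are not legal cookie-name characters, so setting the login cookie would presumably fail for those hosts. Mapping every character outside a small allow-list is safer, e.g. `default_cookie_name = 'username-' + re.sub(r'[^A-Za-z0-9.-]', '-', self.request.host)` (this needs `re` imported in handlers.py if it is not already). The surrounding class starts and ends outside the hunk, so how the name is consumed is not visible here.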
From: MinRK
Date: Tue, 28 May 2013 13:34:08 -0700
Subject: [PATCH 2/3] make cookie_secret configurable allows config to specify logins that survive across server instances (default behavior unchanged). Depends on PR #3372
---
 IPython/frontend/html/notebook/notebookapp.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/IPython/frontend/html/notebook/notebookapp.py b/IPython/frontend/html/notebook/notebookapp.py
index 7ba5210422a..f652ddcd162 100644
--- a/IPython/frontend/html/notebook/notebookapp.py
+++ b/IPython/frontend/html/notebook/notebookapp.py
@@ -83,7 +83,7 @@
 from IPython.utils.localinterfaces import LOCALHOST
 from IPython.utils import submodule
 from IPython.utils.traitlets import (
- Dict, Unicode, Integer, List, Bool,
+ Dict, Unicode, Integer, List, Bool, Bytes,
 DottedObjectName
 )
 from IPython.utils import py3compat
@@ -164,7 +164,7 @@ def init_settings(self, ipython_app, kernel_manager, notebook_manager,
 static_url_prefix = url_path_join(base_project_url,'/static/'),
 # authentication
- cookie_secret=os.urandom(1024),
+ cookie_secret=ipython_app.cookie_secret,
 login_url=url_path_join(base_project_url,'/login'),
 read_only=ipython_app.read_only,
 password=ipython_app.password,
@@ -338,6 +338,15 @@ def _ip_changed(self, name, old, new):
 keyfile = Unicode(u'', config=True,
 help="""The full path to a private key file for usage with SSL/TLS."""
 )
+
+ cookie_secret = Bytes(b'', config=True,
+ help="""The random bytes used to secure cookies.
+ By default this is a new random number every time you start the Notebook.
+ Set it to a value in a config file to enable logins to persist across server sessions.
+ """
+ )
+ def _cookie_secret_default(self):
+ return os.urandom(1024)
 password = Unicode(u'', config=True,
 help="""Hashed password to use for web authentication.
From 7d13ca3c9eecad3f26769952152338d51fb46f2c Mon Sep 17 00:00:00 2001
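Review bot: The new `cookie_secret` trait (hunk at line 338) accepts any configured byte string, so a short or guessable value is handed unchanged to `cookie_secret=ipython_app.cookie_secret` in the `init_settings` hunk and becomes the key protecting the login cookie. A `_cookie_secret_changed(self, name, old, new)` handler, following the `_ip_changed` convention visible in the hunk header, could log a warning or reject the value when `len(new)` falls below a chosen minimum, so weak configuration is caught at startup rather than discovered later. The static default `b''` is never used because `_cookie_secret_default` supplies the value; a comment such as `# b'' is a placeholder; the real default comes from _cookie_secret_default` would make that explicit. Both the class body and `init_settings` continue outside the hunks.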
From: MinRK
Date: Tue, 4 Jun 2013 14:37:19 -0700
Subject: [PATCH 3/3] add note about sharing config files with cookie_secret
---
 IPython/frontend/html/notebook/notebookapp.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/IPython/frontend/html/notebook/notebookapp.py b/IPython/frontend/html/notebook/notebookapp.py
index f652ddcd162..b5ed0269335 100644
--- a/IPython/frontend/html/notebook/notebookapp.py
+++ b/IPython/frontend/html/notebook/notebookapp.py
@@ -343,6 +343,9 @@ def _ip_changed(self, name, old, new):
 help="""The random bytes used to secure cookies.
 By default this is a new random number every time you start the Notebook.
 Set it to a value in a config file to enable logins to persist across server sessions.
+
+ Note: Cookie secrets should be kept private, do not share config files with
+ cookie_secret stored in plaintext (you can read the value from a file).
 """
 )
 def _cookie_secret_default(self):
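Review bot: The added help text says to keep `cookie_secret` private but not what is at stake or how to do it, and the parenthetical `(you can read the value from a file)` is easy to miss. I would state both directly, for example `Anyone who learns this value may be able to forge login cookies; load it from a file readable only by the notebook user instead of writing it in the config file.` The first added sentence also has a comma splice after `private`. The help string and the `Bytes(...)` call it belongs to start above the hunk.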