Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make cookie_secret configurable #3373

Merged
merged 3 commits into from Jun 4, 2013
Merged

make cookie_secret configurable #3373

merged 3 commits into from Jun 4, 2013

Conversation

minrk
Copy link
Member

@minrk minrk commented May 28, 2013

allows config to specify logins that survive across server instances (default behavior unchanged).

Depends on PR #3372

minrk added 2 commits May 28, 2013 13:23
@minrk
base default cookie name on request host+port
6a60e53 
instead of random.

The random cookie name meant that every time you restarted the notebook it would get a new key in the cookie for the same host, resulting in an ever-growing cookie full of obsolete data.
@minrk
make cookie_secret configurable
91776b1 
allows config to specify logins that survive across server instances (default behavior unchanged).

Depends on PR ipython#3372
@Carreau
Copy link
Member

Carreau commented May 28, 2013

I suppose this replace #3372 ?

@minrk
Copy link
Member Author

minrk commented May 28, 2013

I suppose this replace #3372 ?

No, it's separate, but it depends on it.

@minrk
Copy link
Member Author

minrk commented May 29, 2013

I just re-read the title/description and now I know why you asked - I took them from the wrong commit. This should actually describe the PR now.

Carreau
Carreau reviewed Jun 1, 2013
View reviewed changes
IPython/frontend/html/notebook/notebookapp.py
cookie_secret = Bytes(b'', config=True,
help="""The random bytes used to secure cookies.
By default this is a new random number every time you start the Notebook.
Set it to a value in a config file to enable logins to persist across server sessions.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you want to add a warning "do not shared config files with cookies secret in it" ?
Also we could make the cookie secret maybe in another file in the security folder, or elsewhere.
you configure a path, and if this path is set then server write a random key on it and is able to find it next time.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note added

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, yes, config files are python file, you can read it from here... so merging away.

Carreau added a commit that referenced this pull request Jun 4, 2013
@Carreau
Merge pull request #3373 from minrk/cookiesecret
f57d5c7 
make cookie_secret configurable

Allows config to specify logins that survive across server instances (default behavior unchanged).

Add warning about not sharing config files with cookie secret.
@Carreau Carreau merged commit f57d5c7 into ipython:master Jun 4, 2013
@minrk minrk mentioned this pull request Jul 4, 2013
Closed
@minrk minrk deleted the cookiesecret branch March 31, 2014 23:36
mattvonrocketstein pushed a commit to mattvonrocketstein/ipython that referenced this pull request Nov 3, 2014
@Carreau
Merge pull request ipython#3373 from minrk/cookiesecret
ec52f2e 
make cookie_secret configurable

Allows config to specify logins that survive across server instances (default behavior unchanged).

Add warning about not sharing config files with cookie secret.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@minrk @Carreau