
more secure sessions in cookies using json

mdipierro committed Mar 24, 2016
1 parent 1856c9d commit 0820926b500a321060ef6a76ce89fd35a252f8b0
Showing with 11 additions and 10 deletions.
  1. +3 −1 applications/examples/models/session.py
  2. +8 −9 gluon/utils.py
@@ -1 +1,3 @@
session.connect(request,response,cookie_key='yoursecret')
from gluon.utils import web2py_uuid
cookie_key = cache.ram('cookie_key',lambda: web2py_uuid(),None)
session.connect(request,response,cookie_key=cookie_key)
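Review bot: The new cookie key lives only in this process's RAM cache (`cache.ram('cookie_key', ...)`), so a restart generates a fresh key and every existing session cookie stops decrypting. In a multi-process deployment each worker would presumably hold its own key and reject cookies issued by the others. Because this is the example model that people copy, I would add a comment above the assignment such as `# key is per-process and not persisted; with several workers load one shared secret from private storage instead`. As a style point, `lambda: web2py_uuid()` can be passed as `web2py_uuid` directly.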
@@ -23,16 +23,12 @@
import socket
import base64
import zlib
import json
_struct_2_long_long = struct.Struct('=QQ')
python_version = sys.version_info[0]
if python_version == 2:
import cPickle as pickle
else:
import pickle
import hashlib
from hashlib import md5, sha1, sha224, sha256, sha384, sha512
@@ -163,13 +159,16 @@ def get_callable_argspec(fn):
def pad(s, n=32, padchar=' '):
return s + (32 - len(s) % 32) * padchar
if len(s)<n:
s += (32 - len(s)) * padchar
elif len(s)>n:
s = s[:n]
return s
def secure_dumps(data, encryption_key, hash_key=None, compression_level=None):
if not hash_key:
hash_key = sha1(encryption_key).hexdigest()
dump = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
dump = json.dumps(data)
if compression_level:
dump = zlib.compress(dump, compression_level)
key = pad(encryption_key[:32])
@@ -197,7 +196,7 @@ def secure_loads(data, encryption_key, hash_key=None, compression_level=None):
data = data.rstrip(' ')
if compression_level:
data = zlib.decompress(data)
return pickle.loads(data)
return json.loads(data)
except Exception, e:
return None
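Review bot: In the rewritten `pad`, the short-input branch still hard-codes 32 (`s += (32 - len(s)) * padchar`), so any call with `n` other than 32 returns a string of the wrong length; it should read `s += (n - len(s)) * padchar`. The function also changed meaning from "pad up to a multiple of 32" to "pad or truncate to exactly n". That is fine for `key = pad(encryption_key[:32])`, but it would silently cut the serialized session to 32 bytes if `pad` is also applied to `dump` before encryption. That call is outside the visible hunk, though the `data.rstrip(' ')` in `secure_loads` suggests the payload is space-padded, so please confirm. If so, keep block-multiple padding for the payload (`dump + (32 - len(dump) % 32) * padchar`) and use the fixed-length form only for the key.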
