Skip to content
This repository has been archived by the owner. It is now read-only.
Enable use of Pyramid-style signed or encrypted cookies for scalable session storage
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs
zope2
.gitignore
CHANGES.rst
COPYRIGHT.txt
LICENSE.txt
MANIFEST.in
README.rst
setup.py
zope2.sessioncookie-meta.zcml

README.rst

Caution!

This repository has been archived. If you want to work on it please open a ticket in https://github.com/zopefoundation/meta/issues requesting its unarchival.

zope2.sessioncookie

Bridge to allow using Pyramid's cookie session implementation in Zope2.

Note

Initial development of this library was sponsored by ZeOmega Inc.

Installation

  1. Clone the repository. E.g.:

    $ cd /path/to/
    $ git clone git@github.com:zopefoundation/zope2.sessioncookie
    
  2. Get zope2.sessioncookie installed on the Python path. E.g.:

    $ cd /path/to/zope2.sessioncookie
    $ /path/to/virtualenv_with_zope2/bin/pip install -e .
    ...
    
  3. Copy / link the zope2.sessioncookie-meta.zcml file into the $INSTANCE_HOME/etc/package-includes of your Zope instance. (You might need to create the directory first.) E.g.:

    $ cd /path/to/zopes_instance
    $ mkdir -p etc/package-includes
    $ cd etc/package-includes
    $ ln -s \
        /path/to/zope2.sessioncookie/zope2.sessioncookie-meta.zcml .
    
  4. Generate a 32-byte, hexlified secret:

    $ /path/to/virtualenv_with_zope2/bin/print_secret
    DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
    
  1. Edit the site.zcml for your instance. E.g.:

    $ cd /path/to/zopes_instance
    $ vim etc/site.zcml
    

    Add an XML namespace declaration at the top, e.g.:

    xmlns:sc="https://github.com/zopefoundation/zope2.sessioncookie"
    

    Add a stanza near the end, configuring the cookie session. E.g.:

    <sc:sessioncookie
     secret="DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF"
     secure="False"
     encrypt="True"/>
    
  2. Run the installation script, which disables the standard session manager and adds the new hook. E.g.:

    $ bin/zopectl run \
        /path/to/zope2.sessioncookie/zope2/sessioncookie/scripts/install.py
    
  3. (Re)start your Zope instance. Test methods which set session variables, and inspect request / response cookies to see that _ZopeId is no longer being set, while session is set (with encrypted, base64-encoded data).

You can’t perform that action at this time.