author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Wed, 12 Apr 2017 16:14:10 +0200 | |
branch | 3.25 |
changeset 12156 | 0d1d22a3a48b |
parent 12108 | 1a5fc93c81db |
child 12225 | a8ed10f80a85 |
permissions | -rw-r--r-- |
11967
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
1 |
# copyright 2017 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
2 |
# copyright 2014-2016 UNLISH S.A.S. (Montpellier, FRANCE), all rights reserved. |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
3 |
# |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
4 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
5 |
# |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
6 |
# This file is part of CubicWeb. |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
7 |
# |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
8 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
9 |
# terms of the GNU Lesser General Public License as published by the Free |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
10 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
11 |
# any later version. |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
12 |
# |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
13 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
14 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
15 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
16 |
# details. |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
17 |
# |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
18 |
# You should have received a copy of the GNU Lesser General Public License along |
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
19 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
12108
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
20 |
""" |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
21 |
Web session when using pyramid |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
22 |
------------------------------ |
11967
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
23 |
|
12108
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
24 |
CubicWeb ``CWSession`` entity type so that sessions can be |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
25 |
stored in the database, which allows to run a Cubicweb instance |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
26 |
without having to set up a session storage (like redis or memcache) |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
27 |
solution. |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
28 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
29 |
However, for production systems, it is greatly advised to use such a |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
30 |
storage solution for the sessions. |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
31 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
32 |
The handling of the sessions is made by pyramid (see the |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
33 |
`pyramid's documentation on sessions`_ for more details). |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
34 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
35 |
For example, to set up a redis based session storage, you need the |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
36 |
`pyramid-redis-session`_ package, then you must configure pyramid to |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
37 |
use this backend, by configuring the pyramid configuration file: |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
38 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
39 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
40 |
.. code-block:: ini |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
41 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
42 |
[main] |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
43 |
cubicweb.defaults = no # we do not want to load the default cw session handling |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
44 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
45 |
cubicweb.auth.authtkt.session.secret = <secret1> |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
46 |
cubicweb.auth.authtkt.persistent.secret = <secret2> |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
47 |
cubicweb.auth.authtkt.session.secure = yes |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
48 |
cubicweb.auth.authtkt.persistent.secure = yes |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
49 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
50 |
redis.sessions.secret = <secret3> |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
51 |
redis.sessions.prefix = <my-app>: |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
52 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
53 |
redis.sessions.url = redis://localhost:6379/0 |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
54 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
55 |
pyramid.includes = |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
56 |
pyramid_redis_sessions |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
57 |
cubicweb.pyramid.auth |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
58 |
cubicweb.pyramid.login |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
59 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
60 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
61 |
.. Warning:: If you want to be able to log in a CubicWeb application |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
62 |
served by pyramid on a unsecured stream (typically when |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
63 |
you start an instance in dev mode using a simple |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
64 |
``cubicweb-ctl pyramid -D -linfo myinstance``), you |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
65 |
**must** set ``cubicweb.auth.authtkt.session.secure`` to |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
66 |
``no``. |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
67 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
68 |
Secrets |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
69 |
~~~~~~~ |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
70 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
71 |
There are a number of secrets to configure in ``pyramid.ini``. They |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
72 |
should be different one from each other, as explained in `Pyramid's |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
73 |
documentation`_. |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
74 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
75 |
For the record, regarding session handling: |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
76 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
77 |
:cubicweb.session.secret: This secret is used to encrypt the session's |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
78 |
data ID (data themselved are stored in the backend, database or |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
79 |
redis) when using the integrated (``CWSession`` based) session data |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
80 |
storage. |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
81 |
|
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
82 |
:redis.session.secret: This secret is used to encrypt the session's |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
83 |
data ID (data themselved are stored in the backend, database or |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
84 |
redis) when using redis as backend. |
1a5fc93c81db
[doc] Move content of former README.pyramid into relevant modules
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11993
diff
changeset
|
85 |
""" |
11967
83739be20fab
[pyramid] Add a copyright and docstring to all modules
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11896
diff
changeset
|
86 |
|
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
87 |
import warnings |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
88 |
import logging |
11629
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
89 |
from contextlib import contextmanager |
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
90 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
91 |
from pyramid.compat import pickle |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
92 |
from pyramid.session import SignedCookieSessionFactory |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
93 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
94 |
from cubicweb import Binary |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
95 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
96 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
97 |
log = logging.getLogger(__name__) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
98 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
99 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
100 |
def logerrors(logger): |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
101 |
def wrap(fn): |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
102 |
def newfn(*args, **kw): |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
103 |
try: |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
104 |
return fn(*args, **kw) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
105 |
except: |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
106 |
logger.exception("Error in %s" % fn.__name__) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
107 |
return newfn |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
108 |
return wrap |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
109 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
110 |
|
11629
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
111 |
@contextmanager |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
112 |
def unsafe_cnx_context_manager(request): |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
113 |
"""Return a connection for use as a context manager, with security disabled |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
114 |
|
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
115 |
If request has an attached connection, its security will be deactived in the context manager's |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
116 |
scope, else a new internal connection is returned. |
11896
327585fd7670
[pyramid] Don't use unsafe_cnx_context_manager for write queries
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11631
diff
changeset
|
117 |
|
327585fd7670
[pyramid] Don't use unsafe_cnx_context_manager for write queries
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11631
diff
changeset
|
118 |
This should be used for read-only queries, not if you intend to commit/rollback some data. |
11629
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
119 |
""" |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
120 |
cnx = request.cw_cnx |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
121 |
if cnx is None: |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
122 |
with request.registry['cubicweb.repository'].internal_cnx() as cnx: |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
123 |
yield cnx |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
124 |
else: |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
125 |
with cnx.security_enabled(read=False, write=False): |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
126 |
yield cnx |
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
127 |
|
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
128 |
|
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
129 |
def CWSessionFactory( |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
130 |
secret, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
131 |
cookie_name='session', |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
132 |
max_age=None, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
133 |
path='/', |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
134 |
domain=None, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
135 |
secure=False, |
11579
78ba3e88a549
set httponly on session cookie
Julien Cristau <julien.cristau@logilab.fr>
parents:
11537
diff
changeset
|
136 |
httponly=True, |
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
137 |
set_on_exception=True, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
138 |
timeout=1200, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
139 |
reissue_time=120, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
140 |
hashalg='sha512', |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
141 |
salt='pyramid.session.', |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
142 |
serializer=None): |
11537
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
143 |
""" A pyramid session factory that store session data in the CubicWeb |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
144 |
database. |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
145 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
146 |
Storage is done with the 'CWSession' entity, which is provided by the |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
147 |
'pyramid' cube. |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
148 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
149 |
.. warning:: |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
150 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
151 |
Although it provides a sane default behavior, this session storage has |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
152 |
a serious overhead because it uses RQL to access the database. |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
153 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
154 |
Using pure SQL would improve a bit (it is roughly twice faster), but it |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
155 |
is still pretty slow and thus not an immediate priority. |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
156 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
157 |
It is recommended to use faster session factory |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
158 |
(pyramid_redis_sessions_ for example) if you need speed. |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
159 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
160 |
.. _pyramid_redis_sessions: http://pyramid-redis-sessions.readthedocs.org/ |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
161 |
en/latest/index.html |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
162 |
""" |
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
163 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
164 |
SignedCookieSession = SignedCookieSessionFactory( |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
165 |
secret, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
166 |
cookie_name=cookie_name, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
167 |
max_age=max_age, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
168 |
path=path, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
169 |
domain=domain, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
170 |
secure=secure, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
171 |
httponly=httponly, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
172 |
set_on_exception=set_on_exception, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
173 |
timeout=timeout, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
174 |
reissue_time=reissue_time, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
175 |
hashalg=hashalg, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
176 |
salt=salt, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
177 |
serializer=serializer) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
178 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
179 |
class CWSession(SignedCookieSession): |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
180 |
def __init__(self, request): |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
181 |
# _set_accessed will be called by the super __init__. |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
182 |
# Setting _loaded to True inhibates it. |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
183 |
self._loaded = True |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
184 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
185 |
# the super __init__ will load a single value in the dictionnary, |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
186 |
# the session id. |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
187 |
super(CWSession, self).__init__(request) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
188 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
189 |
# Remove the session id from the dict |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
190 |
self.sessioneid = self.pop('sessioneid', None) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
191 |
self.repo = request.registry['cubicweb.repository'] |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
192 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
193 |
# We need to lazy-load only for existing sessions |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
194 |
self._loaded = self.sessioneid is None |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
195 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
196 |
@logerrors(log) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
197 |
def _set_accessed(self, value): |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
198 |
self._accessed = value |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
199 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
200 |
if self._loaded: |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
201 |
return |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
202 |
|
11629
0459094d9728
Use opened connections as much as possible
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11625
diff
changeset
|
203 |
with unsafe_cnx_context_manager(self.request) as cnx: |
11625
b23d60a9ea84
retrieve session data in a single query
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11606
diff
changeset
|
204 |
value_rset = cnx.execute('Any D WHERE X eid %(x)s, X cwsessiondata D', |
b23d60a9ea84
retrieve session data in a single query
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11606
diff
changeset
|
205 |
{'x': self.sessioneid}) |
b23d60a9ea84
retrieve session data in a single query
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11606
diff
changeset
|
206 |
value = value_rset[0][0] |
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
207 |
if value: |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
208 |
# Use directly dict.update to avoir _set_accessed to be |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
209 |
# recursively called |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
210 |
dict.update(self, pickle.load(value)) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
211 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
212 |
self._loaded = True |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
213 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
214 |
def _get_accessed(self): |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
215 |
return self._accessed |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
216 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
217 |
accessed = property(_get_accessed, _set_accessed) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
218 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
219 |
@logerrors(log) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
220 |
def _set_cookie(self, response): |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
221 |
# Save the value in the database |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
222 |
data = Binary(pickle.dumps(dict(self))) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
223 |
sessioneid = self.sessioneid |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
224 |
|
11896
327585fd7670
[pyramid] Don't use unsafe_cnx_context_manager for write queries
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11631
diff
changeset
|
225 |
with self.request.registry['cubicweb.repository'].internal_cnx() as cnx: |
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
226 |
if not sessioneid: |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
227 |
session = cnx.create_entity( |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
228 |
'CWSession', cwsessiondata=data) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
229 |
sessioneid = session.eid |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
230 |
else: |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
231 |
session = cnx.entity_from_eid(sessioneid) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
232 |
session.cw_set(cwsessiondata=data) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
233 |
cnx.commit() |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
234 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
235 |
# Only if needed actually set the cookie |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
236 |
if self.new or self.accessed - self.renewed > self._reissue_time: |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
237 |
dict.clear(self) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
238 |
dict.__setitem__(self, 'sessioneid', sessioneid) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
239 |
return super(CWSession, self)._set_cookie(response) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
240 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
241 |
return True |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
242 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
243 |
return CWSession |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
244 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
245 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
246 |
def includeme(config): |
11537
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
247 |
""" Activate the CubicWeb session factory. |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
248 |
|
11631
faf279e33298
Merge with pyramid-cubicweb
Yann Voté <yann.vote@logilab.fr>
parents:
11629
diff
changeset
|
249 |
Usually called via ``config.include('cubicweb.pyramid.auth')``. |
11537
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
250 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
251 |
See also :ref:`defaults_module` |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11506
diff
changeset
|
252 |
""" |
11606
e245680acce3
[config] move config of the secret used to encrypt session's data ID in pyramid.ini (closes #11689082)
David Douard <david.douard@logilab.fr>
parents:
11579
diff
changeset
|
253 |
settings = config.registry.settings |
11993
07af2c2c264b
[pyramid] Drop retrieval of auth/session secret in all-in-one.conf
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11967
diff
changeset
|
254 |
try: |
07af2c2c264b
[pyramid] Drop retrieval of auth/session secret in all-in-one.conf
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11967
diff
changeset
|
255 |
secret = settings['cubicweb.session.secret'] |
07af2c2c264b
[pyramid] Drop retrieval of auth/session secret in all-in-one.conf
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11967
diff
changeset
|
256 |
except KeyError: |
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
257 |
secret = 'notsosecret' |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
258 |
warnings.warn(''' |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
259 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
260 |
!! WARNING !! !! WARNING !! |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
261 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
262 |
The session cookies are signed with a static secret key. |
11606
e245680acce3
[config] move config of the secret used to encrypt session's data ID in pyramid.ini (closes #11689082)
David Douard <david.douard@logilab.fr>
parents:
11579
diff
changeset
|
263 |
To put your own secret key, edit your pyramid.ini file |
e245680acce3
[config] move config of the secret used to encrypt session's data ID in pyramid.ini (closes #11689082)
David Douard <david.douard@logilab.fr>
parents:
11579
diff
changeset
|
264 |
and set the 'cubicweb.session.secret' key. |
11506
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
265 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
266 |
YOU SHOULD STOP THIS INSTANCE unless your really know what you |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
267 |
are doing !! |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
268 |
|
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
269 |
''') |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
270 |
session_factory = CWSessionFactory(secret) |
bfc1aa1dba30
DB-saved session data
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
271 |
config.set_session_factory(session_factory) |