[core] Protect session data from unwanted loading.
Use specialised Session and Connection types that forward their 'data' and
'session_data' attributes to the pyramid request.session attribute.
This forwarding is done with properties, instead of copying a reference, which
allow to access request.session (and the session factory) if and only if
Session.data or Connection.session_data is accessed.
In some cases, most notably the static resources requests, it can mean no
access the session during the request handling, which saves a request to the
session persistence layer.
Closes #4891437
import webtest
from cubicweb.devtools.webtest import CubicWebTestTC
from pyramid_cubicweb import make_cubicweb_application
class PyramidCWTest(CubicWebTestTC):
@classmethod
def init_config(cls, config):
super(PyramidCWTest, cls).init_config(config)
config.global_set_option('https-url', 'https://localhost.local/')
config.global_set_option('anonymous-user', 'anon')
config['pyramid-auth-secret'] = 'authsecret'
config['pyramid-session-secret'] = 'sessionsecret'
def setUp(self):
# Skip CubicWebTestTC setUp
super(CubicWebTestTC, self).setUp()
config = make_cubicweb_application(self.config)
self.includeme(config)
self.pyr_registry = config.registry
self.webapp = webtest.TestApp(config.make_wsgi_app())
def includeme(self, config):
pass