[Twisted-Python] twisted.web secured session cookies and multiple sites on same host
Hi, I am looking for the followings: * Force twisted.web to set session cookie as secured when HTTPS is used. * Allow 2 separate twisted.web Sites to run on same host/IP but with different sessions. I have checked the current code for getSession() [1] but i can see that session cookie is harcoded and I don't know how to use self.sitepath . I tried to search the code for sitepath, but I only got this comment, which I things is used to suppport some some sort of load balancing / high availability. # Sitepath is used to determine cookie names between distributed # servers and disconnected sites. Can this be done with current code? If not, I am happy to submit a ticket and a patch. To solve my problems I rewrote getSession to not use harcoded session name and to check for self.isSecure before setting a new session cookie. Many thanks! [1] https://github.com/twisted/twisted/blob/trunk/twisted/web/server.py#L384 -- Adi Roiban
On Jan 26, 2014, at 2:13 AM, Adi Roiban <adi@roiban.ro> wrote:
Can this be done with current code?
If not, I am happy to submit a ticket and a patch.
Even if it's currently possible to achieve, it seems to me that there ought to be an easy way to get this (much more secure) behavior by default. I'd appreciate it if you'd contribute a patch. Thanks! -glyph
On 28 January 2014 21:06, Glyph Lefkowitz <glyph@twistedmatrix.com> wrote:
On Jan 26, 2014, at 2:13 AM, Adi Roiban <adi@roiban.ro> wrote:
Can this be done with current code?
If not, I am happy to submit a ticket and a patch.
Even if it's currently *possible* to achieve, it seems to me that there ought to be an easy way to get this (much more secure) behavior by default. I'd appreciate it if you'd contribute a patch.
Thanks!
-glyph
Done. Tickest for review are here https://twistedmatrix.com/trac/ticket/6932 https://twistedmatrix.com/trac/ticket/6933 Thanks Jean Paul for your guidance, I fully agree that each ticket should solve a single problem. -- Adi Roiban
participants (2)
-
Adi Roiban
-
Glyph Lefkowitz