A secure way to hold Django session data in cookies
This package contains a drop-in replacement middleware for django.contrib.sessions.middleware.SessionMiddleware to store all session data in a browser cookie instead of the database. The code is based on a snippet from Christopher Lenz.
To prevent user tampering, the session dictionary goes through the following encoding steps:
- The session dictionary is converted into JSON
- A SHA1 hash is made with the JSON and the site’s SECRET_KEY
- The JSON and SHA1 hash are concatenated, gzipped and base64 encoded.
When the cookie is received, the steps are reversed and the hash is verified:
- The cookie is base64 decoded and ungzipped
- The data is split into the SHA1 hash and the JSON data
- The SHA1 hash is regenerated from the received JSON data and the site’s SECRET_KEY
- If the hashes don’t match, a SuspiciousOperation exception is raised. If the hashes match, the JSON data is converted into a Python object and returned.
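The round trip described above, as an added example that is not the package's own code. The hash-then-JSON layout, the JSON-then-key hashing order, the local SuspiciousOperation stand-in and the `hardened` HMAC-SHA256 comparison path are assumptions made for illustration.

```python
import base64
import gzip
import hashlib
import hmac
import json
import zlib

SECRET_KEY = "constructed-secret"  # constructed stand-in for settings.SECRET_KEY

class SuspiciousOperation(Exception):
    """Stand-in for django.core.exceptions.SuspiciousOperation."""

def _digest(payload, secret, hardened):
    if hardened:  # comparison variant: HMAC-SHA256 (not described on the page)
        return hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest().encode()
    # Page's scheme: SHA1 over JSON and SECRET_KEY (JSON-then-key order is assumed)
    return hashlib.sha1(payload + secret.encode()).hexdigest().encode()

def encode_session(session, secret=SECRET_KEY, hardened=False):
    payload = json.dumps(session, sort_keys=True).encode()   # dict -> JSON
    blob = _digest(payload, secret, hardened) + payload      # hash + JSON (assumed layout)
    return base64.b64encode(gzip.compress(blob)).decode()    # gzip, then base64

def decode_session(cookie, secret=SECRET_KEY, hardened=False):
    try:
        blob = gzip.decompress(base64.b64decode(cookie, validate=True))
    except (ValueError, OSError, EOFError, zlib.error) as exc:
        raise SuspiciousOperation("malformed session cookie") from exc
    n = 64 if hardened else 40                     # hex digest length
    received, payload = blob[:n], blob[n:]
    # Regenerate the hash from the received JSON; compare in constant time
    if not hmac.compare_digest(received, _digest(payload, secret, hardened)):
        raise SuspiciousOperation("session cookie failed integrity check")
    return json.loads(payload)

def edit_without_key(cookie, **changes):
    """Rewrite the JSON but keep the old hash, as a client without SECRET_KEY would."""
    blob = gzip.decompress(base64.b64decode(cookie))
    start = blob.index(b"{")                       # a hex digest never contains '{'
    data = json.loads(blob[start:])
    data.update(changes)
    body = json.dumps(data, sort_keys=True).encode()
    return base64.b64encode(gzip.compress(blob[:start] + body)).decode()

if __name__ == "__main__":
    cookie = encode_session({"user_id": 7, "is_admin": False})
    print(decode_session(cookie))
    try:
        decode_session(edit_without_key(cookie, is_admin=True))
    except SuspiciousOperation as exc:
        print("rejected:", exc)
```

Both variants only authenticate the cookie: the session JSON stays readable to anyone holding it, as edit_without_key shows by decoding it without the key.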
Place the cookiesession app into your INSTALLED_APPS. Next, put the cookiesession.middleware.CookieSessionMiddleware middleware into your MIDDLEWARE_CLASSES. This middleware is designed as a replacement for django.contrib.sessions.middleware.SessionMiddleware.
Two management commands are included to make debugging things easier.
- decode_session_cookie: Called as ./manage.py decode_session_cookie <session_cookie_string>; prints the keys and values of the session dictionary.
- encode_cookie: Encodes key=val arguments into a cookie for manual insertion into your browser for testing purposes. You must call the command as ./manage.py encode_cookie key1=value key2=value. Prints out the encoded cookie string.