Client identification and sessions for Zope
This package provides interfaces for client identification and session support and their implementations for the request objects of zope.publisher.
Documentation is hosted at https://zopesession.readthedocs.io/
- Add support for Python 3.7.
- Host documentation at https://zopesession.readthedocs.io
- Add support for Python 3.5 and 3.6.
- Drop support for Python 2.6 and 3.3
- Reach 100% code coverage and maintain it via tox.ini and Travis CI.
- Add support for PyPy and PyPy3.
- Add support for Python 3.4.
- Add support for testing on Travis.
- Fix test that fails on any timezone east of GMT
- Add support for Python 3.3
- Replace deprecated zope.component.adapts usage with equivalent zope.component.adapter decorator.
- Replace deprecated zope.interface.implements usage with equivalent zope.interface.implementer decorator.
- Drop support for Python 2.4 and 2.5.
- LP #824355: enable support for HttpOnly cookies.
- Fix a bug in zope.session.session.Session that would trigger an infinite loop if either iteration or a containment test were attempted on an instance.
- Add an explicit provides to the IClientId adapter declaration in adapter.zcml.
- Add option to disable implicit sweeps in PersistentSessionDataContainer.
- Add test extra to declare test dependency on zope.testing.
- Use Python’s doctest module instead of depreacted zope.testing.doctest.
- Fix Python 2.4 hmac compatibility issue by only using hashlib in Python versions 2.5 and above.
- Use the CookieClientIdManager’s secret as the hmac key instead of the message when constructing and verifying client ids.
- Make it possible to construct CookieClientIdManager passing cookie namespace and/or secret as constructor’s arguments.
- Use zope.schema.fieldproperty.FieldProperty for “namespace” attribute of CookieClientIdManager, just like for other attributes in its interface. Also, make ICookieClientIdManager’s “namespace” field an ASCIILine, so it accepts only non-unicode strings for cookie names.
- Restore compatibility with Python 2.4.
- Don’t raise deprecation warnings on Python 2.6.
- Drop dependency on zope.annotation. Instead, we make classes implement IAttributeAnnotatable in ZCML configuration, only if zope.annotation is available. If your code relies on annotatable CookieClientIdManager and PersistentSessionDataContainer and you don’t include the zcml classes configuration of this package, you’ll need to use classImplements function from zope.interface to make those classes implement IAttributeAnnotatable again.
- Drop dependency on zope.app.http, use standard date formatting function from the email.utils module.
- Zope 3 application bootstrapping code for session utilities was moved into zope.app.appsetup package, thus drop dependency on zope.app.appsetup in this package.
- Drop testing dependencies, as we don’t need anything behind zope.testing and previous dependencies was simply migrated from zope.app.session before.
- Remove zpkg files and zcml slugs.
- Update package’s description a bit.
- Add an ability to set cookie effective domain for CookieClientIdManager. This is useful for simple cases when you have your application set up on one domain and you want your identification cookie be active for subdomains.
- Python 2.6 compatibility change. Encode strings before calling hmac.new() as the function no longer accepts the unicode() type.
- Add missing test dependency on zope.site and zope.app.publication.
- Specify i18n_domain for titles in apidoc.zcml
- ZODB 3.9 no longer contains ZODB.utils.ConflictResolvingMappingStorage, fixed tests, so they work both with ZODB 3.8 and 3.9.
- Added a ‘postOnly’ option on CookieClientIdManagers to only allow setting the client id cookie on POST requests. This is to further reduce risk from broken caches handing the same client id out to multiple users. (Of course, it doesn’t help if caches are broken enough to cache POSTs.)
Added a ‘secure’ option on CookieClientIdManagers to cause the secure set-cookie option to be used, which tells the browser not to send the cookie over http.
This provides enhanced security for ssl-only applications.
Only set the client-id cookie if it isn’t already set and try to prevent the header from being cached. This is to minimize risk from broken caches handing the same client id out to multiple users.
- Remove ConflictErrors caused on SessionData caused by setting lastAccessTime.
- Split up the ZCML to make it possible to re-use more reasonably.
- Change the default session “resolution” to a sane value and document/test it.
- Fixed some meta data and switch to tgz release.
- Initial release
- Moved parts from zope.app.session to this packages
Release history Release notifications
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size zope.session-4.3.0-py2.py3-none-any.whl (25.1 kB)||File type Wheel||Python version py2.py3||Upload date||Hashes View|
|Filename, size zope.session-4.3.0.tar.gz (34.6 kB)||File type Source||Python version None||Upload date||Hashes View|
Hashes for zope.session-4.3.0-py2.py3-none-any.whl