This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!
Project Description

zope2.sessioncookie

Bridge to allow using Pyramid’s cookie session implementation in Zope2.

Note

Initial development of this library was sponsored by ZeOmega Inc.

Installation

  1. Clone the repository. E.g.:

    $ cd /path/to/
    $ git clone git@github.com:zopefoundation/zope2.sessioncookie
    
  2. Get zope2.sessioncookie installed on the Python path. E.g.:

    $ cd /path/to/zope2.sessioncookie
    $ /path/to/virtualenv_with_zope2/bin/pip install -e .
    ...
    
  3. Copy / link the zope2.sessioncookie-meta.zcml file into the $INSTANCE_HOME/etc/package-includes of your Zope instance. (You might need to create the directory first.) E.g.:

    $ cd /path/to/zopes_instance
    $ mkdir -p etc/package-includes
    $ cd etc/package-includes
    $ ln -s \
        /path/to/zope2.sessioncookie/zope2.sessioncookie-meta.zcml .
    
  4. Generate a 32-byte, hexlified secret:

    $ /path/to/virtualenv_with_zope2/bin/print_secret
    DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
    
  1. Edit the site.zcml for your instance. E.g.:

    $ cd /path/to/zopes_instance
    $ vim etc/site.zcml
    

    Add an XML namespace declaration at the top, e.g.:

    xmlns:sc="https://github.com/zopefoundation/zope2.sessioncookie"
    

    Add a stanza near the end, configuring the cookie session. E.g.:

    <sc:sessioncookie
     secret="DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF"
     secure="False"
     encrypt="True"/>
    
  2. Run the installation script, which disables the standard session manager and adds the new hook. E.g.:

    $ bin/zopectl run \
        /path/to/zope2.sessioncookie/zope2/sessioncookie/scripts/install.py
    
  3. (Re)start your Zope instance. Test methods which set session variables, and inspect request / response cookies to see that _ZopeId is no longer being set, while session is set (with encrypted, base64-encoded data).

Changelog

0.8 (2016-04-28)

  • Add a ZopeCookieSession.set method (PR #4).

0.7.1 (2015-12-16)

  • Packaging bug: fix rendering of README.txt in --long-description output.

0.7 (2015-12-16)

  • Fix example ZCML snippet in README.rst (PR #3).
  • Fix ZCML namespace in zope2/sessioncookie/meta.zcml (PR #3).
  • Add script for uninstalling the root traversal hook (PR #2).

0.6.1 (2015-12-08)

  • Packaging bug: add missing MANIFEST.in.

0.6 (2015-11-23)

  • Transferred copyright to Zope Foundation, relicensed to ZPL 2.1.
  • Rename from zope2.signedsessioncookie -> zope2.sessioncookie.
  • Replace locally-defined EncryptingPickleSerialzer with pyramid_nacl_session.EncryptedSerializer. Closes #8 and #9.

0.5 (2015-10-08)

  • Add support for (optionally) encrypting session cookies, rather than signing them.

0.4 (2015-10-05)

  • Add an attribute, signedsessioncookie_installed, to the root object during installation.

0.3 (2015-09-30)

  • Fix rendering http_only cookie attribute.

0.2 (2015-09-29)

  • Add support for extra Pyramid session configuration via ZCML: hash_algorithm, timeout, reissue_time.
  • Suppress empty / None values in cookie attributes passed to ZPublisher.HTTPResponse.setCookie.
  • Refactor install script to allow reuse from other modules.
  • Fix compatibility w/ zope.configuration 3.7.4.

0.1 (2015-09-18)

  • Initial release.
Release History

Release History

0.8

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.7.1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.7

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.6.1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.6

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
zope2.sessioncookie-0.8.tar.gz (17.0 kB) Copy SHA256 Checksum SHA256 Source Apr 29, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting