Allow use of Pyramid-style signed or encrypted cookies for scalable Zope2 session storage

``zope2.sessioncookie``
=============================

Bridge to allow using Pyramid's `cookie session implementation
<http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html>`_
in Zope2.

.. note::

   Initial development of this library was sponsored by ZeOmega Inc.

Installation
------------

1. Clone the repository. E.g.::

     $ cd /path/to/
     $ git clone git@github.com:zopefoundation/zope2.sessioncookie

2. Get ``zope2.sessioncookie`` installed on the Python path. E.g.::

     $ cd /path/to/zope2.sessioncookie
     $ /path/to/virtualenv_with_zope2/bin/pip install -e .
     ...

3. Copy / link the ``zope2.sessioncookie-meta.zcml`` file into the
   ``$INSTANCE_HOME/etc/package-includes`` of your Zope instance. (You might
   need to create the directory first.) E.g.::

     $ cd /path/to/zopes_instance
     $ mkdir -p etc/package-includes
     $ cd etc/package-includes
     $ ln -s \
         /path/to/zope2.sessioncookie/zope2.sessioncookie-meta.zcml .

4. Generate a 32-byte, hexlified secret::

     $ /path/to/virtualenv_with_zope2/bin/print_secret
     DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF

5. Edit the ``site.zcml`` for your instance. E.g.::

     $ cd /path/to/zopes_instance
     $ vim etc/site.zcml

   Add an XML namespace declaration at the top, e.g.::

     xmlns:sc="https://github.com/zopefoundation/zope2.sessioncookie"

   Add a stanza near the end, configuring the cookie session. E.g.::

     <sc:sessioncookie
         secret="DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF"
         secure="False"
         encrypt="True"/>

6. Run the installation script, which disables the standard session
   manager and adds the new hook. E.g.::

     $ bin/zopectl run \
         /path/to/zope2.sessioncookie/zope2/sessioncookie/scripts/install.py

7. (Re)start your Zope instance. Test methods which set session variables,
   and inspect request / response cookies to see that ``_ZopeId`` is no longer
   being set, while ``session`` *is* set (with encrypted, base64-encoded data).
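
The cookie inspection in the last step can be scripted. The following is an added example, not part of ``zope2.sessioncookie``: it parses a response's ``Set-Cookie`` headers and reports whether ``_ZopeId`` is still set, whether ``session`` is present, and which cookie flags are missing. The function name, the sample headers and the treatment of the value as URL-safe base64 are assumptions.

```python
import base64
import binascii
from http.cookies import SimpleCookie


def audit_set_cookie(headers, https=True):
    """Return findings for the Set-Cookie headers of one Zope response."""
    morsels = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)              # one Set-Cookie header value at a time
        morsels.update(jar)           # cookie name -> Morsel
    findings = []
    if "_ZopeId" in morsels:
        findings.append("_ZopeId still set: standard session manager is active")
    session = morsels.get("session")
    if session is None:
        findings.append("no 'session' cookie: traversal hook not installed?")
        return findings
    try:
        # Assumption: the value is URL-safe base64, possibly without padding.
        padded = session.value + "=" * (-len(session.value) % 4)
        base64.b64decode(padded, altchars=b"-_", validate=True)
    except (binascii.Error, ValueError):
        findings.append("'session' value is not base64")
    if not session["httponly"]:
        findings.append("'session' lacks HttpOnly")
    if https and not session["secure"]:
        findings.append("'session' lacks Secure; check secure= in site.zcml")
    return findings


# Constructed sample headers (not captured from a real instance).
_blob = base64.urlsafe_b64encode(b"constructed ciphertext, not real data")
BEFORE = ['_ZopeId="constructed-browser-id"; Path=/']
AFTER = ["session=%s; Path=/; HttpOnly" % _blob.decode().rstrip("=")]

if __name__ == "__main__":
    for label, headers in (("before install", BEFORE), ("after install", AFTER)):
        print(label, audit_set_cookie(headers) or "ok")
```

Pass ``https=False`` when the instance is served over plain HTTP, where the ``secure="False"`` setting from the example stanza is expected.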


Changelog
=========

0.7 (2015-12-16)
----------------

- Fix example ZCML snippet in ``README.rst`` (PR #3).

- Fix ZCML namespace in ``zope2/sessioncookie/meta.zcml`` (PR #3).

- Add script for uninstalling the root traversal hook (PR #2).

0.6.1 (2015-12-08)
------------------

- Packaging bug: add missing ``MANIFEST.in``.

0.6 (2015-11-23)
----------------

- Transferred copyright to Zope Foundation, relicensed to ZPL 2.1.

- Rename from ``zope2.signedsessioncookie`` -> ``zope2.sessioncookie``.

- Replace locally-defined ``EncryptingPickleSerialzer`` with
  ``pyramid_nacl_session.EncryptedSerializer``. Closes #8 and #9.

0.5 (2015-10-08)
----------------

- Add support for (optionally) encrypting session cookies, rather than
  signing them.

0.4 (2015-10-05)
----------------

- Add an attribute, ``signedsessioncookie_installed``, to the root object
  during installation.

0.3 (2015-09-30)
----------------

- Fix rendering ``http_only`` cookie attribute.

0.2 (2015-09-29)
----------------

- Add support for extra Pyramid session configuration via ZCML:
  ``hash_algorithm``, ``timeout``, ``reissue_time``.

- Suppress empty / None values in cookie attributes passed to
  ``ZPublisher.HTTPResponse.setCookie``.

- Refactor install script to allow reuse from other modules.

- Fix compatibility w/ ``zope.configuration 3.7.4``.

0.1 (2015-09-18)
----------------

- Initial release.

Download files
==============

Source distribution: ``zope2.sessioncookie-0.7.tar.gz`` (11.0 kB)

Hashes for ``zope2.sessioncookie-0.7.tar.gz``:

=========== ================================================================
Algorithm   Hash digest
=========== ================================================================
SHA256      fa125cc9f395d56e7db31746bf1d5b5f5fab12606277daaddf6287eb8f8362c8
MD5         22a1b8bf6328a274334cbf4b8fc56994
BLAKE2b-256 1756900513c53b94bf214f23a958cc43d638c6b7934cd9737458742667e8d26c
=========== ================================================================
