durusmail: qp: more on using digest
more on using digest
David Binger
2005-10-29
On Oct 29, 2005, at 11:57 AM, Michael Watkins wrote:

> Posted last note too soon; you can indeed issue the challenge without an
> https scheme, but once the user attempts login:
>
> Traceback (most recent call last):
>   File "/usr/local/lib/python2.4/site-packages/qp/pub/publish.py", line 158, in process_hit
>     self.fill_response()
>   File "/usr/local/lib/python2.4/site-packages/qp/pub/publish.py", line 202, in fill_response
>     assert get_request().get_scheme() == 'https', (
> AssertionError: Session cookies are only allowed with https.
>
> I can certainly see why this might be so, although some applications / use
> cases may find this level of assurance burdensome. Thoughts?

Maybe I should remove that assert, and make the value of the secure flag on
the line (a couple down from line 202) that sets the cookie
be (get_request().get_scheme() == 'https').
Would that do the trick?
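
The two behaviours discussed in this thread, side by side, as an added example that is not part of the original messages and is not QP's own code. It uses Python's standard `http.cookies`; the function names, the cookie name `session` and the session id are assumptions made for illustration.

```python
from http.cookies import SimpleCookie


def session_cookie_header(scheme, session_id, require_https=True):
    """Build the Set-Cookie value for a session cookie (hypothetical helper).

    require_https=True  mirrors the assertion shown in the traceback.
    require_https=False mirrors the proposed change: Secure follows the scheme.
    """
    if require_https and scheme != "https":
        raise AssertionError("Session cookies are only allowed with https.")
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["path"] = "/"
    if scheme == "https":
        # Secure tells the browser to return the cookie over https only.
        cookie["session"]["secure"] = True
    return cookie["session"].OutputString()


def browser_would_send(set_cookie_value, request_scheme):
    """Model the Secure attribute: a Secure cookie is withheld from http requests."""
    attributes = [part.strip().lower() for part in set_cookie_value.split(";")[1:]]
    if "secure" in attributes:
        return request_scheme == "https"
    return True


if __name__ == "__main__":
    sid = "constructed-session-id"  # constructed sample value
    for scheme in ("https", "http"):
        header = session_cookie_header(scheme, sid, require_https=False)
        print(scheme, "->", header,
              "| returned over plain http:", browser_would_send(header, "http"))
    try:
        session_cookie_header("http", sid)  # current behaviour on an http login
    except AssertionError as exc:
        print("strict policy:", exc)
```

With the scheme-derived flag, an http login succeeds but the session id then travels unencrypted on every request; an https login still gets a cookie that the browser withholds from http requests.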

