durusmail: qp: Re: more on using digest
more on using digest
2005-10-29
Michael Watkins
2005-10-29
David Binger
Re: more on using digest
2005-10-29
Michael Watkins
2005-10-29
David Binger
2005-10-29
Michael Watkins
Re: more on using digest
Michael Watkins
2005-10-29
* David Binger wrote [2005-10-29 12:27:35 -0400]:

> Maybe I should remove that assert, and make the value of the secure  flag
> on the line (a couple down from line 202) that sets the cookie be
> (get_request().get_scheme() == 'https'.  Would that do the trick?

What about the first test in fill_response?

189         if (session and
190             (get_request().get_scheme() != 'https' or
191              not session.is_valid())):
192             del self.get_sessions()[cookie]
193             session = None

Seems as if you expected there to always be secure communication present for
sessions; without a more substantial change to allow for insecure sessions,
the sessions mapping is going to be updated every hit as is, no?
reply