durusmail: quixote-users: Session2.0.6 patch for secure and httponly cookies
Session2.0.6 patch for secure and httponly cookies
2010-11-24
Robert Ladyman
Dear All,

I hope this is the correct format: this is a straight transfer across from the
standard Quixote session code to add secure and httponly options to the
session2 cookies. I've tested it and it functions correctly.

=== modified file 'session2/SessionManager.py'
--- session2/SessionManager.py  2010-11-23 13:28:26 +0000
+++ session2/SessionManager.py  2010-11-24 10:50:40 +0000
@@ -197,8 +197,15 @@
             if not path.endswith("/"):
                 path += "/"
         domain = config.session_cookie_domain
-        get_response().set_cookie(name, value, domain=domain,
-                                  path=path, **attrs)
+
+        # Modified R J Ladyman 2010-11-23 to include secure and httponly as
per Quixote 2.7b1
+        attrs = attrs.copy()
+        if config.session_cookie_secure:
+            attrs['secure'] = 1
+        if config.session_cookie_httponly:
+            attrs['httponly'] = 1
+        # End of modification R J Ladyman 2010-11-23
+        get_response().set_cookie(name, value, domain=domain,  path=path,
**attrs)
         return name

     def set_session_cookie(self, session_id):
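
Review bot: The new `if config.session_cookie_secure:` and `if config.session_cookie_httponly:` tests read both options as plain attributes, so session2 running against a config object that does not define them (the comment ties them to Quixote 2.7b1) would fail with an AttributeError each time the cookie is set; `getattr(config, 'session_cookie_secure', False)`, and the same for `session_cookie_httponly`, would keep the old behaviour there. Separately, the comment line ending "as" and the `set_cookie(...)` line ending "path=path," have been wrapped in transit, leaving "per Quixote 2.7b1" and "**attrs)" at column 0 with no diff prefix, so the hunk will not apply as posted; sending it as an attachment, or keeping added lines under the wrap width, avoids that. The dated author markers would sit better in the commit message than in the code.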



--
Robert Ladyman
File-Away Limited
3 Ralston Business Centre, Newtyle, Blairgowrie
Perthshire  PH12 8TL SCOTLAND
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk

============================================
Registered Office: 32 Church Street, Newtyle, Blairgowrie
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086
