Allow use of Pyramid-style signed or encrypted cookie for scallable Zope2 session storage
Project description
``zope2.sessioncookie``
=============================
Bridge to allow using Pyramid's `cookie session implementation
<http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html>`_
in Zope2.
.. note::
Initial development of this library was sponsored by ZeOmega Inc.
Installation
------------
1. Clone the repository. E.g.::
$ cd /path/to/
$ git clone git@github.com:zopefoundation/zope2.sessioncookie
2. Get ``zope2.sessioncookie`` installed on the Python path. E.g.::
$ cd /path/to/zope2.sessioncookie
$ /path/to/virtualenv_with_zope2/bin/pip install -e .
...
3. Copy / link the ``zope2.sessioncookie-meta.zcml`` file into the
``$INSTANCE_HOME/etc/package-includes`` of your Zope instance. (You might
need to create the directory first.) E.g.::
$ cd /path/to/zopes_instance
$ mkdir -p etc/package-includes
$ cd etc/package-includes
$ ln -s \
/path/to/zope2.sessioncookie/zope2.sessioncookie-meta.zcml .
4. Generate a 32-byte, hexlified secret::
$ /path/to/virtualenv_with_zope2/bin/print_secret
DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
4. Edit the ``site.zcml`` for your instance. E.g.::
$ cd /path/to/zopes_instance
$ vim etc/site.zcml
Add an XML namespace declaration at the top, e.g.::
xmlns:sc="https://github.com/zopefoundation/zope2.sessioncookie"
Add a stanza near the end, configuring the cookie session. E.g.::
<sc:sessioncookie
secret="DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF"
secure="False"
encrypt="True"/>
5. Run the installation script, which disables the standard session
manager and adds the new hook. E.g.::
$ bin/zopectl run \
/path/to/zope2.sessioncookie/zope2/sessioncookie/scripts/install.py
6. (Re)start your Zope instance. Test methods which set session variables,
and inspect request / response cookies to see that ``_ZopeId`` is no longer
being set, while ``session`` *is* set (with encrypted, base64-encoded data).
Changelog
=========
0.7 (2015-12-16)
----------------
- Fix example ZCML snippet in ``README.rst`` (PR #3).
- Fix ZCML namespace in ``zope2/sessioncookie/meta.zcml`` (PR #3).
- Add script for uninstalling the root traversal hook (PR #2).
0.6.1 (2015-12-08)
------------------
- Packaging bug: add missing ``MANIFEST.in``.
0.6 (2015-11-23)
----------------
- Transferred copyright to Zope Foundation, relicensed to ZPL 2.1.
- Rename from ``zope2.signedsessioncookie`` -> ``zope2.sessioncookie``.
- Replace locally-defined ``EncryptingPickleSerialzer`` with
``pyramid_nacl_session.EncryptedSerializer``. Closes #8 and #9.
0.5 (2015-10-08)
----------------
- Add support for (optionally) encrypting session cookies, rather than
signing them.
0.4 (2015-10-05)
----------------
- Add an attribute, ``signedsessioncookie_installed``, to the root object
during installation.
0.3 (2015-09-30)
----------------
- Fix rendering ``http_only`` cookie attribute.
0.2 (2015-09-29)
----------------
- Add support for extra Pyramid session configuration via ZCML:
``hash_algorithm``, ``timeout``, ``reissue_time``.
- Suppress empty / None values in cookie attributes passed to
``ZPublisher.HTTPResponse.setCookie``.
- Refactor install script to allow reuse from other modules.
- Fix compatibility w/ ``zope.configuration 3.7.4``.
0.1 (2015-09-18)
----------------
- Initial release.
=============================
Bridge to allow using Pyramid's `cookie session implementation
<http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html>`_
in Zope2.
.. note::
Initial development of this library was sponsored by ZeOmega Inc.
Installation
------------
1. Clone the repository. E.g.::
$ cd /path/to/
$ git clone git@github.com:zopefoundation/zope2.sessioncookie
2. Get ``zope2.sessioncookie`` installed on the Python path. E.g.::
$ cd /path/to/zope2.sessioncookie
$ /path/to/virtualenv_with_zope2/bin/pip install -e .
...
3. Copy / link the ``zope2.sessioncookie-meta.zcml`` file into the
``$INSTANCE_HOME/etc/package-includes`` of your Zope instance. (You might
need to create the directory first.) E.g.::
$ cd /path/to/zopes_instance
$ mkdir -p etc/package-includes
$ cd etc/package-includes
$ ln -s \
/path/to/zope2.sessioncookie/zope2.sessioncookie-meta.zcml .
4. Generate a 32-byte, hexlified secret::
$ /path/to/virtualenv_with_zope2/bin/print_secret
DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
4. Edit the ``site.zcml`` for your instance. E.g.::
$ cd /path/to/zopes_instance
$ vim etc/site.zcml
Add an XML namespace declaration at the top, e.g.::
xmlns:sc="https://github.com/zopefoundation/zope2.sessioncookie"
Add a stanza near the end, configuring the cookie session. E.g.::
<sc:sessioncookie
secret="DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF"
secure="False"
encrypt="True"/>
5. Run the installation script, which disables the standard session
manager and adds the new hook. E.g.::
$ bin/zopectl run \
/path/to/zope2.sessioncookie/zope2/sessioncookie/scripts/install.py
6. (Re)start your Zope instance. Test methods which set session variables,
and inspect request / response cookies to see that ``_ZopeId`` is no longer
being set, while ``session`` *is* set (with encrypted, base64-encoded data).
Changelog
=========
0.7 (2015-12-16)
----------------
- Fix example ZCML snippet in ``README.rst`` (PR #3).
- Fix ZCML namespace in ``zope2/sessioncookie/meta.zcml`` (PR #3).
- Add script for uninstalling the root traversal hook (PR #2).
0.6.1 (2015-12-08)
------------------
- Packaging bug: add missing ``MANIFEST.in``.
0.6 (2015-11-23)
----------------
- Transferred copyright to Zope Foundation, relicensed to ZPL 2.1.
- Rename from ``zope2.signedsessioncookie`` -> ``zope2.sessioncookie``.
- Replace locally-defined ``EncryptingPickleSerialzer`` with
``pyramid_nacl_session.EncryptedSerializer``. Closes #8 and #9.
0.5 (2015-10-08)
----------------
- Add support for (optionally) encrypting session cookies, rather than
signing them.
0.4 (2015-10-05)
----------------
- Add an attribute, ``signedsessioncookie_installed``, to the root object
during installation.
0.3 (2015-09-30)
----------------
- Fix rendering ``http_only`` cookie attribute.
0.2 (2015-09-29)
----------------
- Add support for extra Pyramid session configuration via ZCML:
``hash_algorithm``, ``timeout``, ``reissue_time``.
- Suppress empty / None values in cookie attributes passed to
``ZPublisher.HTTPResponse.setCookie``.
- Refactor install script to allow reuse from other modules.
- Fix compatibility w/ ``zope.configuration 3.7.4``.
0.1 (2015-09-18)
----------------
- Initial release.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
zope2.sessioncookie-0.7.tar.gz
(11.0 kB
view hashes)
