zope2.sessioncookie 0.8

Installation

1. Clone the repository. E.g.:

   $ cd /path/to/
   $ git clone git@github.com:zopefoundation/zope2.sessioncookie

2. Get zope2.sessioncookie installed on the Python path. E.g.:

   $ cd /path/to/zope2.sessioncookie
   $ /path/to/virtualenv_with_zope2/bin/pip install -e .
   ...

3. Copy / link the zope2.sessioncookie-meta.zcml file into the $INSTANCE_HOME/etc/package-includes of your Zope instance. (You might need to create the directory first.) E.g.:

   $ cd /path/to/zopes_instance
   $ mkdir -p etc/package-includes
   $ cd etc/package-includes
   $ ln -s \
       /path/to/zope2.sessioncookie/zope2.sessioncookie-meta.zcml .

4. Generate a 32-byte, hexlified secret:

   $ /path/to/virtualenv_with_zope2/bin/print_secret
   DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF

4. Edit the site.zcml for your instance. E.g.:

   $ cd /path/to/zopes_instance
   $ vim etc/site.zcml

   Add an XML namespace declaration at the top, e.g.:

   xmlns:sc="https://github.com/zopefoundation/zope2.sessioncookie"

   Add a stanza near the end, configuring the cookie session. E.g.:

   <sc:sessioncookie
    secret="DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF"
    secure="False"
    encrypt="True"/>

5. Run the installation script, which disables the standard session manager and adds the new hook. E.g.:

   $ bin/zopectl run \
       /path/to/zope2.sessioncookie/zope2/sessioncookie/scripts/install.py

6. (Re)start your Zope instance. Test methods which set session variables, and inspect request / response cookies to see that _ZopeId is no longer being set, while session is set (with encrypted, base64-encoded data).

0.8 (2016-04-28)

• Add a ZopeCookieSession.set method (PR #4).

0.7.1 (2015-12-16)

• Packaging bug: fix rendering of README.txt in --long-description output.

0.7 (2015-12-16)

• Fix example ZCML snippet in README.rst (PR #3).

• Fix ZCML namespace in zope2/sessioncookie/meta.zcml (PR #3).

• Add script for uninstalling the root traversal hook (PR #2).

0.6.1 (2015-12-08)

• Packaging bug: add missing MANIFEST.in.

0.6 (2015-11-23)

• Transferred copyright to Zope Foundation, relicensed to ZPL 2.1.

• Rename from zope2.signedsessioncookie -> zope2.sessioncookie.

• Replace locally-defined EncryptingPickleSerialzer with pyramid_nacl_session.EncryptedSerializer. Closes #8 and #9.

0.5 (2015-10-08)

• Add support for (optionally) encrypting session cookies, rather than signing them.

0.4 (2015-10-05)

• Add an attribute, signedsessioncookie_installed, to the root object during installation.

0.3 (2015-09-30)

• Fix rendering http_only cookie attribute.

0.2 (2015-09-29)

• Add support for extra Pyramid session configuration via ZCML: hash_algorithm, timeout, reissue_time.

• Suppress empty / None values in cookie attributes passed to ZPublisher.HTTPResponse.setCookie.

• Refactor install script to allow reuse from other modules.

• Fix compatibility w/ zope.configuration 3.7.4.

0.1 (2015-09-18)

• Initial release.