def make_cookies(self): """ Create the necessary cookies to implement secure session handling (possibly over HTTPS). @return: a list of cookies. """ cookies = [] uid = self.get('_uid', -1) if uid > 0 and CFG_SITE_SECURE_URL.startswith("https://"): stub_cookie = Cookie(CFG_WEBSESSION_COOKIE_NAME + 'stub', 'HTTPS') else: stub_cookie = Cookie(CFG_WEBSESSION_COOKIE_NAME + 'stub', 'NO') cookies.append(stub_cookie) if self._req.is_https( ) or not CFG_SITE_SECURE_URL.startswith("https://") or uid <= 0: cookie = Cookie(CFG_WEBSESSION_COOKIE_NAME, self._sid) if CFG_SITE_SECURE_URL.startswith("https://") and uid > 0: cookie.secure = True cookie.httponly = True cookies.append(cookie) for cookie in cookies: cookie.path = '/' if self._remember_me: cookie.expires = time.time( ) + CFG_WEBSESSION_ONE_DAY * CFG_WEBSESSION_EXPIRY_LIMIT_REMEMBER cookie.max_age = CFG_WEBSESSION_ONE_DAY * CFG_WEBSESSION_EXPIRY_LIMIT_REMEMBER return cookies
def make_cookies(self): """ Create the necessary cookies to implement secure session handling (possibly over HTTPS). @return: a list of cookies. """ cookies = [] uid = self.get("uid", -1) if uid > 0 and CFG_SITE_SECURE_URL.startswith("https://"): stub_cookie = Cookie(CFG_WEBSESSION_COOKIE_NAME + "stub", "HTTPS") else: stub_cookie = Cookie(CFG_WEBSESSION_COOKIE_NAME + "stub", "NO") cookies.append(stub_cookie) if self._req.is_https() or not CFG_SITE_SECURE_URL.startswith("https://") or uid <= 0: cookie = Cookie(CFG_WEBSESSION_COOKIE_NAME, self._sid) if CFG_SITE_SECURE_URL.startswith("https://") and uid > 0: cookie.secure = True cookie.httponly = True cookies.append(cookie) for cookie in cookies: cookie.path = "/" if self._remember_me: cookie.expires = time.time() + self._timeout return cookies
def make_cookie(self): """ Reimplementation of L{BaseSession.make_cookie} method, that also consider the L{_remember_me} flag @return: a session cookie. @rtpye: {mod_python.Cookie.Cookie} """ cookie = Cookie(CFG_WEBSESSION_COOKIE_NAME, self._sid) cookie.path = '/' if self._remember_me: cookie.expires = time.time() + self._timeout return cookie