You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2014/07/18 21:02:17 UTC

[10/28] git commit: [#7551] session cookies can be httpOnly; remove unused 'secret'; comments

[#7551] session cookies can be httpOnly; remove unused 'secret'; comments

The beaker.session.secret value is only used for storage-backed sessions,
we use the validate_key for pure cookie sessions.


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/d9e2aa74
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/d9e2aa74
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/d9e2aa74

Branch: refs/heads/db/7523
Commit: d9e2aa74b3c8f22e7581052e4d78b79a209dfa74
Parents: 07c7c36
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Tue Jul 8 19:14:53 2014 +0000
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Wed Jul 9 12:33:50 2014 -0400

----------------------------------------------------------------------
 Allura/development.ini | 6 +++++-
 requirements.txt       | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/d9e2aa74/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index a410994..c26f459 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -53,9 +53,13 @@ base_url = http://localhost:8080
 
 #lang = ru
 cache_dir = %(here)s/data
+
+; Docs at http://beaker.readthedocs.org/en/latest/configuration.html#session-options
+; and http://beaker.readthedocs.org/en/latest/modules/session.html#beaker.session.CookieSession
 beaker.session.key = allura
 beaker.session.type = cookie
-beaker.session.secret = 61ece7db-ba8d-49fe-a923-ab444741708c
+beaker.session.httponly = true
+; CHANGE THIS VALUE FOR YOUR SITE
 beaker.session.validate_key = 714bfe3612c42390726f
 
 # Google Analytics account for tracking

http://git-wip-us.apache.org/repos/asf/allura/blob/d9e2aa74/requirements.txt
----------------------------------------------------------------------
diff --git a/requirements.txt b/requirements.txt
index 359b134..0800820 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,7 @@
 pytz==2012j
 ActivityStream==0.2.0
 BeautifulSoup==3.2.0
+Beaker==1.6.4
 chardet==1.0.1
 colander==0.9.3
 # dep of pypeline
@@ -53,7 +54,6 @@ wsgiref==0.1.2
 
 # tg2 deps (not used directly)
 Babel==0.9.6
-Beaker==1.5.4
 Mako==0.3.2
 MarkupSafe==0.15
 Pylons==1.0