Posted to commits@allura.apache.org by br...@apache.org on 2014/07/08 21:53:47 UTC

git commit: [#7551] session cookies can be httpOnly; remove unused 'secret'; comments

Repository: allura
Updated Branches:
  refs/heads/db/7551 [created] 65de2552d


[#7551] session cookies can be httpOnly; remove unused 'secret'; comments

The beaker.session.secret value is only used for storage-backed sessions;
for pure cookie sessions we use the validate_key.


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/65de2552
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/65de2552
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/65de2552

Branch: refs/heads/db/7551
Commit: 65de2552d119003cc9a12f88d6b83f7b4bdd2a95
Parents: 1851fd7
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Tue Jul 8 19:14:53 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue Jul 8 19:14:53 2014 +0000

----------------------------------------------------------------------
 Allura/development.ini | 6 +++++-
 requirements.txt       | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/65de2552/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index a410994..c26f459 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -53,9 +53,13 @@ base_url = http://localhost:8080
 
 #lang = ru
 cache_dir = %(here)s/data
+
+; Docs at http://beaker.readthedocs.org/en/latest/configuration.html#session-options
+; and http://beaker.readthedocs.org/en/latest/modules/session.html#beaker.session.CookieSession
 beaker.session.key = allura
 beaker.session.type = cookie
-beaker.session.secret = 61ece7db-ba8d-49fe-a923-ab444741708c
+beaker.session.httponly = true
+; CHANGE THIS VALUE FOR YOUR SITE
 beaker.session.validate_key = 714bfe3612c42390726f
 
 # Google Analytics account for tracking
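Review bot: The `beaker.session.validate_key` line kept in this hunk is the only secret authenticating `type = cookie` sessions, and its value is published in the repository. Any deployment that copies this file unchanged will therefore accept session cookies signed by anyone who has read it, which the new `; CHANGE THIS VALUE FOR YOUR SITE` comment does not explain. I would state the reason in the comment, e.g. `; validate_key signs the session cookie: replace it with a long random value per deployment and keep it out of version control`. With no `beaker.session.encrypt_key` set, the cookie payload is, as far as the linked Beaker docs describe, signed but not encrypted, so anything stored in the session is readable by the client; that deserves a comment too. `beaker.session.httponly = true` keeps scripts away from the cookie but does not protect it in transit, so HTTPS deployments should also set `beaker.session.secure = true` (presumably omitted here because base_url is http://localhost:8080).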

http://git-wip-us.apache.org/repos/asf/allura/blob/65de2552/requirements.txt
----------------------------------------------------------------------
diff --git a/requirements.txt b/requirements.txt
index 359b134..0800820 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,7 @@
 pytz==2012j
 ActivityStream==0.2.0
 BeautifulSoup==3.2.0
+Beaker==1.6.4
 chardet==1.0.1
 colander==0.9.3
 # dep of pypeline
@@ -53,7 +54,6 @@ wsgiref==0.1.2
 
 # tg2 deps (not used directly)
 Babel==0.9.6
-Beaker==1.5.4
 Mako==0.3.2
 MarkupSafe==0.15
 Pylons==1.0