django
Improved docs for Signer to encourage more secure patterns.
After seeing a colleague use Signer/TimestampSigner without the salt argument passed, I looked at the docs and found that they do not really encourage its use. This is unfortunate, because it really is required to avoid hacks once you have more than one use of it in your application. The best way to ensure correct usage is to always add the argument.
While I was there, I took the opportunity to explain and encourage better patterns, and updated the get_signed_cookie and set_signed_cookie docs accordingly.
Passing salt to set_signed_cookie is not quite as necessary, because it already uses the key value as a salt, but I think it is still helpful. In a large project, it's possible that the same key could be validly used for set_signed_cookie(key) but with different purposes - for example they might use a different path argument, so the cookies wouldn't clash at the browser level, and therefore they wouldn't notice the clash.
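As an added illustration (not Django's code and not the ticket author's; standard library only, a simplified stand-in for Signer's salted-HMAC scheme with a constructed secret), this shows why the salt matters: without one, a token minted for one purpose verifies unchanged under another, while distinct salts keep the two uses apart.

```python
import base64
import hashlib
import hmac

SECRET = "constructed-demo-secret-key"  # stand-in for settings.SECRET_KEY (assumption)


def salted_hmac(key_salt: str, value: str, secret: str = SECRET) -> bytes:
    """Derive a per-purpose key from salt + secret, then HMAC the value.
    Same shape as the salted HMAC Django's Signer builds on (illustrative)."""
    key = hashlib.sha256((key_salt + secret).encode()).digest()
    return hmac.new(key, value.encode(), hashlib.sha256).digest()


class DemoSigner:
    """Minimal Signer look-alike producing 'value:signature', with optional salt."""

    def __init__(self, salt: str = "", sep: str = ":"):
        self.salt = salt
        self.sep = sep

    def signature(self, value: str) -> str:
        mac = salted_hmac(self.salt + "signer", value)
        return base64.urlsafe_b64encode(mac).decode().rstrip("=")

    def sign(self, value: str) -> str:
        return value + self.sep + self.signature(value)

    def unsign(self, signed: str) -> str:
        value, _, sig = signed.rpartition(self.sep)
        if not hmac.compare_digest(sig, self.signature(value)):
            raise ValueError("Signature does not match")
        return value


def cross_purpose_accepted(salt_a: str, salt_b: str, value: str = "42") -> bool:
    """Does a token issued under salt_a (purpose A) verify under salt_b (purpose B)?
    True means the two uses are interchangeable, which is the problem the salt fixes."""
    token = DemoSigner(salt=salt_a).sign(value)
    try:
        DemoSigner(salt=salt_b).unsign(token)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("no salt, two purposes:", cross_purpose_accepted("", ""))
    print("distinct salts:", cross_purpose_accepted("email-confirm", "password-reset"))
```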