Implement signed cookie backend

Open seliopou opened this issue 10 years ago • 0 comments

On the suggestion of @edwintorok on the mailing list, implement a signed cookie backend that uses the client to store all session data. Verify that the session data hasn't been tampered with by signing the session data before sending it to the client. Examples of this include:

Secure Cookie from Werkzeug;
Cookie-based sessions from Django;
and the itsdangerous Python library.

@tizoc also mentioned that he has implemented this and included the implementation in a gist, which could hopefully be the basis for the implementation of a secure cookie backend for this project.

Dec 18 '15 17:12 seliopou