
Use itsdangerous library to sign cookie

Open sblondon opened this issue 4 years ago • 2 comments

This PR is about issue https://github.com/pallets/secure-cookie/issues/6.

The previous serialization/deserialization is still in the code, until it is removed in another future release.

What do you think about it? Do you see improvements to add? Perhaps the itsdangerous library version should be more restricted?

sblondon, Apr 03 '20 18:04

Is this code similar to Flask's use of ItsDangerous for the session cookie? Haven't had a chance to compare yet. If not, we should identify how it's different and why here.

davidism, Apr 03 '20 18:04

The currently added code for the serialize() and unserialize() methods is based on the previous implementations (which are located in this patch in the _mac_serialize() and _mac_unserialize() methods).

The SecureCookieSessionInterface() class uses classes from the itsdangerous library (BadSignature and URLSafeTimedSerializer) but doesn't have serialize() and unserialize() methods.

So I don't understand what needs to be compared. Could you give me some hints?

sblondon, Apr 04 '20 12:04