Merge ~cjwatson/launchpad:py3-loggerhead-secure-cookie into launchpad:master
Proposed by
Colin Watson
Status: | Merged |
---|---|
Approved by: | Colin Watson |
Approved revision: | 8d2e473bee7b3ebd094c2207c86eaf47d5232f80 |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | ~cjwatson/launchpad:py3-loggerhead-secure-cookie |
Merge into: | launchpad:master |
Diff against target: |
172 lines (+54/-37) 4 files modified
lib/launchpad_loggerhead/session.py (+48/-32) lib/launchpad_loggerhead/tests.py (+2/-5) requirements/launchpad.txt (+2/-0) setup.py (+2/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Cristian Gonzalez (community) | Approve | ||
Review via email: mp+399127@code.launchpad.net |
Commit message
Replace Loggerhead cookie handling using secure-cookie
Description of the change
paste.auth.cookie is deprecated, and getting it to work with Python 3 is cumbersome at best. Switch to secure-cookie, which seems to have a nicer API for our purposes, appears to be better-maintained (by the Werkzeug folks), and allows us to fix a long-standing minor deficiency around deleting session cookies on logout.
This will break existing Loggerhead sessions. I think that's OK since it's a one-time thing, but it's worth noting.
Dependencies MP: https:/
To post a comment you must log in.
Nice change even with the trade off, totally worth it.