authorChris McDonough <chrism@plope.com>2013-12-10 14:51:20 -0500
committerChris McDonough <chrism@plope.com>2013-12-10 14:51:27 -0500
commitab579e223f7a719acd4dd2c5ddeeb70953bec0e7 (patch)
tree451bdbcfbd22edd25202784d36b0cfffac36049a
parent767e44f2fe7c238d0c67308e2e94241236a522e4 (diff)
downloadpyramid-ab579e223f7a719acd4dd2c5ddeeb70953bec0e7.tar.gz
pyramid-ab579e223f7a719acd4dd2c5ddeeb70953bec0e7.tar.bz2
pyramid-ab579e223f7a719acd4dd2c5ddeeb70953bec0e7.zip
add note about non-bw-compat between SignedCookieSessionFactory and UnencryptedCookieSessionFactory. Ref #1200.
-rw-r--r--CHANGES.txt12
-rw-r--r--pyramid/session.py9
2 files changed, 15 insertions, 6 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 0508abc61..7e044bf0d 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -35,11 +35,13 @@ Features
See https://github.com/Pylons/pyramid/pull/1149
- Added a new ``SignedCookieSessionFactory`` which is very similar to the
- ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on
- signing content. The custom serializer arguments to this function should
- only focus on serializing, unlike its predecessor which required the
- serializer to also perform signing.
- See https://github.com/Pylons/pyramid/pull/1142
+ ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing
+ content. The custom serializer arguments to this function should only focus
+ on serializing, unlike its predecessor which required the serializer to also
+ perform signing. See https://github.com/Pylons/pyramid/pull/1142 . Note
+ that cookies generated using ``SignedCookieSessionFactory`` are not
+ compatible with cookies generated using ``UnencryptedCookieSessionFactory``,
+ so existing user session data will be destroyed if you switch to it.
- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie
factory that can be used by framework implementors to create their own
diff --git a/pyramid/session.py b/pyramid/session.py
index c9d738b9c..8c9900975 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -382,6 +382,10 @@ def UnencryptedCookieSessionFactoryConfig(
"""
.. deprecated:: 1.5
Use :func:`pyramid.session.SignedCookieSessionFactory` instead.
+ Caveat: Cookies generated using ``SignedCookieSessionFactory`` are not
+ compatible with cookies generated using
+ ``UnencryptedCookieSessionFactory``, so existing user session data will
+ be destroyed if you switch to it.
Configure a :term:`session factory` which will provide unencrypted
(but signed) cookie-based sessions. The return value of this
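Review bot: The added caveat names ``UnencryptedCookieSessionFactory``, but the callable being deprecated is `UnencryptedCookieSessionFactoryConfig` (see the hunk header), so anyone searching the code base for the name in the caveat will not find it. The same shortened name appears in the deprecation message added in the next hunk of this file and in the CHANGES.txt entry. I would spell it out in both places, e.g. `` ``UnencryptedCookieSessionFactoryConfig``, so existing user session data will `` in the docstring and `'compatible with cookies generated using UnencryptedCookieSessionFactoryConfig, '` in the message. It would also help operators if the caveat said what "destroyed" means in practice, presumably that cookies issued by the old factory are rejected and every user starts a new session after the switch. The docstring continues outside the hunk.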
@@ -466,7 +470,10 @@ def UnencryptedCookieSessionFactoryConfig(
deprecated(
'UnencryptedCookieSessionFactoryConfig',
'The UnencryptedCookieSessionFactoryConfig callable is deprecated as of '
- 'Pyramid 1.5. Use ``pyramid.session.SignedCookieSessionFactory`` instead.'
+ 'Pyramid 1.5. Use ``pyramid.session.SignedCookieSessionFactory`` instead. '
+ 'Caveat: Cookies generated using SignedCookieSessionFactory are not '
+ 'compatible with cookies generated using UnencryptedCookieSessionFactory, '
+ 'so existing user session data will be destroyed if you switch to it.'
)
def SignedCookieSessionFactory(