diff options
| author | Chris McDonough <chrism@plope.com> | 2013-12-10 14:51:20 -0500 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2013-12-10 14:51:27 -0500 |
| commit | ab579e223f7a719acd4dd2c5ddeeb70953bec0e7 (patch) | |
| tree | 451bdbcfbd22edd25202784d36b0cfffac36049a | |
| parent | 767e44f2fe7c238d0c67308e2e94241236a522e4 (diff) | |
| download | pyramid-ab579e223f7a719acd4dd2c5ddeeb70953bec0e7.tar.gz pyramid-ab579e223f7a719acd4dd2c5ddeeb70953bec0e7.tar.bz2 pyramid-ab579e223f7a719acd4dd2c5ddeeb70953bec0e7.zip | |
add note about non-bw-compat between SignedCookieSessionFactory and UnencryptedCookieSessionFactory. Ref #1200.
| -rw-r--r-- | CHANGES.txt | 12 | ||||
| -rw-r--r-- | pyramid/session.py | 9 |
2 files changed, 15 insertions, 6 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 0508abc61..7e044bf0d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -35,11 +35,13 @@ Features See https://github.com/Pylons/pyramid/pull/1149 - Added a new ``SignedCookieSessionFactory`` which is very similar to the - ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on - signing content. The custom serializer arguments to this function should - only focus on serializing, unlike its predecessor which required the - serializer to also perform signing. - See https://github.com/Pylons/pyramid/pull/1142 + ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing + content. The custom serializer arguments to this function should only focus + on serializing, unlike its predecessor which required the serializer to also + perform signing. See https://github.com/Pylons/pyramid/pull/1142 . Note + that cookies generated using ``SignedCookieSessionFactory`` are not + compatible with cookies generated using ``UnencryptedCookieSessionFactory``, + so existing user session data will be destroyed if you switch to it. - Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie factory that can be used by framework implementors to create their own diff --git a/pyramid/session.py b/pyramid/session.py index c9d738b9c..8c9900975 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -382,6 +382,10 @@ def UnencryptedCookieSessionFactoryConfig( """ .. deprecated:: 1.5 Use :func:`pyramid.session.SignedCookieSessionFactory` instead. + Caveat: Cookies generated using ``SignedCookieSessionFactory`` are not + compatible with cookies generated using + ``UnencryptedCookieSessionFactory``, so existing user session data will + be destroyed if you switch to it. Configure a :term:`session factory` which will provide unencrypted (but signed) cookie-based sessions. The return value of this @@ -466,7 +470,10 @@ def UnencryptedCookieSessionFactoryConfig( deprecated( 'UnencryptedCookieSessionFactoryConfig', 'The UnencryptedCookieSessionFactoryConfig callable is deprecated as of ' - 'Pyramid 1.5. Use ``pyramid.session.SignedCookieSessionFactory`` instead.' + 'Pyramid 1.5. Use ``pyramid.session.SignedCookieSessionFactory`` instead. ' + 'Caveat: Cookies generated using SignedCookieSessionFactory are not ' + 'compatible with cookies generated using UnencryptedCookieSessionFactory, ' + 'so existing user session data will be destroyed if you switch to it.' ) def SignedCookieSessionFactory( |