| author | Michael Merickel <michael@merickel.org> | 2014-04-29 20:32:08 -0500 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2014-04-29 20:32:08 -0500 |
| commit | dd4f73f2543e350c0b4141efe31842be00161fa9 (patch) | |
| tree | 109185c535220173cad6a2562f4d5774e9e8b5b4 | |
| parent | cc1b05c71a2972d816a3deb4cd68f7405190da6e (diff) | |
require ISession.invalidate to leave behind a usable session
| -rw-r--r-- | CHANGES.txt | 3 | ||||
| -rw-r--r-- | pyramid/interfaces.py | 8 |
2 files changed, 10 insertions, 1 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index c14939d81..02be109db 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -14,6 +14,9 @@ Next release - ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise ``ValueError`` when accidentally passed ``None``. +- Clarify a previously-implied detail of the ``ISession.invalidate`` API + documentation. + 1.5 (2014-04-08) ================ diff --git a/pyramid/interfaces.py b/pyramid/interfaces.py index 75b9b1cb9..aa2dbdafd 100644 --- a/pyramid/interfaces.py +++ b/pyramid/interfaces.py @@ -910,7 +910,13 @@ class ISession(IDict): ``invalidate`` is implementation-dependent, but it should have the effect of completely dissociating any data stored in the session with the current request. It might set response - values (such as one which clears a cookie), or it might not.""" + values (such as one which clears a cookie), or it might not. + + An invalidated session may be used after the call to ``invalidate`` + with the effect that a new session is created to store the data. This + enables workflows requiring an entirely new session, such as in the + case of changing privilege levels or preventing fixation attacks. + """ def changed(): """ Mark the session as changed. A user of a session should |
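Review bot: The paragraph added to the `invalidate` docstring cites fixation defence as a use case but never states the property that defence depends on: data stored after the call must land in a session that reuses neither the old session's data nor any identifier it had. It is also phrased from the caller's side ("may be used"), while the commit title says implementations are required to support this, so someone implementing ISession from the docstring alone is not told it is an obligation. I would add a sentence such as `Implementations must leave the session usable after invalidate(); data stored afterwards belongs to a new session that does not reuse the previous session's data or identifier.` Whether existing session factories already behave this way cannot be seen here, and the rest of the ISession class lies outside the hunk.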
