diff options
| author | Chris McDonough <chrism@plope.com> | 2010-11-02 03:43:46 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2010-11-02 03:43:46 -0400 |
| commit | 098e16b816ec19c19e89a4a7fd56e5ea050cdd12 (patch) | |
| tree | 7efe39cf8521549f09889cc2026182c2b0ff0129 /docs/narr | |
| parent | e65e5b726d8460fafc9fbcbc4ab7c45e0e5406ba (diff) | |
| download | pyramid-098e16b816ec19c19e89a4a7fd56e5ea050cdd12.tar.gz pyramid-098e16b816ec19c19e89a4a7fd56e5ea050cdd12.tar.bz2 pyramid-098e16b816ec19c19e89a4a7fd56e5ea050cdd12.zip | |
Insecure -> Unencrypted
Diffstat (limited to 'docs/narr')
| -rw-r--r-- | docs/narr/sessions.rst | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst index f27669738..43cb78410 100644 --- a/docs/narr/sessions.rst +++ b/docs/narr/sessions.rst @@ -40,8 +40,8 @@ application by using the ``session_factory`` argument to the .. code-block:: python :linenos: - from pyramid.session import InsecureCookieSessionFactoryConfig - my_session_factory = InsecureCookieSessionFactoryConfig('itsaseekreet') + from pyramid.session import UnencryptedCookieSessionFactoryConfig + my_session_factory = UnencryptedCookieSessionFactoryConfig('itsaseekreet') from pyramid.configuration import Configurator config = Configurator(session_factory = my_session_factory) @@ -49,15 +49,14 @@ application by using the ``session_factory`` argument to the .. warning:: Note the very long, very explicit name for - ``InsecureCookieSessionFactoryConfig``. It's trying to tell you - that this implementation is, by default, *insecure*. You should - not use it when you keep sensitive information in the session - object, as the information can be easily read by both users of your - application and third parties who have access to your users' - network traffic. Use a different session factory implementation - (preferably one which keeps session data on the server) for - anything but the most basic of applications where "session security - doesn't matter". + ``UnencryptedCookieSessionFactoryConfig``. It's trying to tell you that + this implementation is, by default, *unencrypted*. You should not use it + when you keep sensitive information in the session object, as the + information can be easily read by both users of your application and third + parties who have access to your users' network traffic. Use a different + session factory implementation (preferably one which keeps session data on + the server) for anything but the most basic of applications where "session + security doesn't matter". Using a Session Object ---------------------- |