| author | Casey Duncan <casey.duncan@gmail.com> | 2011-01-05 23:58:24 -0700 |
|---|---|---|
| committer | Casey Duncan <casey.duncan@gmail.com> | 2011-01-05 23:58:24 -0700 |
| commit | e5f66f8e839ee5d7eeaebb118c9d03f11578dd14 (patch) | |
| tree | 84a61488b162e0014b7d2529586086e7c47f5305 /docs | |
| parent | 826fd7b11d190dafe9571e10eb7c2cf96ed97732 (diff) | |
add parens to method references
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/narr/sessions.rst | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst index 6a6de2639..edd24d839 100644 --- a/docs/narr/sessions.rst +++ b/docs/narr/sessions.rst @@ -301,19 +301,18 @@ as described in :ref:`using_the_default_session_factory` or Using the ``session.new_csrf_token`` Method ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -To add a CSRF token to the session, use the ``session.new_csrf_token`` method. +To add a CSRF token to the session, use the ``session.new_csrf_token()`` method. .. code-block:: python - :linenos: token = request.session.new_csrf_token() -The ``.new_csrf_token`` method accepts no arguments. It returns a *token* +The ``new_csrf_token()`` method accepts no arguments. It returns a *token* string, which will be opaque and randomized. This token will also be set -into the session, awaiting pickup by the ``session.get_csrf_token`` method. +into the session, awaiting pickup by the ``session.get_csrf_token()`` method. You can subsequently use the returned token as the value of a hidden field in a form that posts to a method that requires elevated privileges. The handler -for the form post should use ``session.get_csrf_token`` (explained below) to +for the form post should use ``session.get_csrf_token()`` (explained below) to obtain the current CSRF token related to the user from the session, and compare it to the value of the hidden form field. 
@@ -321,19 +320,18 @@ Using the ``session.get_csrf_token`` Method ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To get the current CSRF token from the session, use the -``session.get_csrf_token`` method. +``session.get_csrf_token()`` method. .. code-block:: python - :linenos: token = request.session.get_csrf_token() -The ``get_csrf_token`` method accepts no arguments. It returns the "current" -*token* string (as per the last call to ``session.new_csrf_token``). You can +The ``get_csrf_token()`` method accepts no arguments. It returns the "current" +*token* string (as per the last call to ``session.new_csrf_token()``). You can then use it to compare against the token provided within form post hidden value data. For example, if your form rendering included the CSRF token -obtained via ``session.new_csrf_token`` as a hidden input field named -``csrf_token``: +obtained via ``session.new_csrf_token()`` as a hidden input field named +``csrf_token()``: .. code-block:: python :linenos: @@ -342,5 +340,3 @@ obtained via ``session.new_csrf_token`` as a hidden input field named if token != request.POST['csrf_token']: raise ValueError('CSRF token did not match') - - |
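Review bot: in the first hunk (@@ -301,19 +301,18 @@), the section title "Using the ``session.new_csrf_token`` Method" keeps the old spelling while every reference in the body under it gains parentheses, so the page now shows two forms of the same method name. Either update the title (and lengthen its tilde underline by two characters so reStructuredText does not warn about a short underline) or note in the commit message that titles are left alone on purpose. The same hunk also drops ``:linenos:`` from the one-line code block, which "add parens to method references" does not cover; mention it in the message or split it into its own commit.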
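Review bot: in the second hunk (@@ -321,19 +320,18 @@), the last changed line rewrites the hidden input field name as ``csrf_token()``, but that is a form field name, not a method, and the example directly below reads request.POST['csrf_token']; revert that one line to ``csrf_token``. The title "Using the ``session.get_csrf_token`` Method" in the hunk header also stays without parentheses, the same inconsistency as in the first hunk. Not introduced here, but visible in the context lines: the example indexes request.POST['csrf_token'] directly, so a post that omits the field fails with KeyError rather than the documented ValueError, which may be worth a follow-up.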
