summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES.txt3
-rw-r--r--pyramid/session.py6
2 files changed, 7 insertions, 2 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 84d0694e3..6372c904d 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -4,6 +4,9 @@ Unreleased
- Avoid crash in ``pserve --reload`` under Py3k, when iterating over posiibly
mutated ``sys.modules``.
+- ``UnencryptedCookieSessionFactoryConfig`` failed if the secret contained
+ higher order characters. See https://github.com/Pylons/pyramid/issues/1246
+
1.5b1 (2014-02-08)
==================
diff --git a/pyramid/session.py b/pyramid/session.py
index 3a045b91b..d1964c43e 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -57,7 +57,7 @@ def signed_serialize(data, secret):
response.set_cookie('signed_cookie', cookieval)
"""
pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
- sig = hmac.new(bytes_(secret), pickled, hashlib.sha1).hexdigest()
+ sig = hmac.new(bytes_(secret, 'utf-8'), pickled, hashlib.sha1).hexdigest()
return sig + native_(base64.b64encode(pickled))
def signed_deserialize(serialized, secret, hmac=hmac):
@@ -81,7 +81,9 @@ def signed_deserialize(serialized, secret, hmac=hmac):
# Badly formed data can make base64 die
raise ValueError('Badly formed base64 data: %s' % e)
- sig = bytes_(hmac.new(bytes_(secret), pickled, hashlib.sha1).hexdigest())
+ sig = bytes_(hmac.new(
+ bytes_(secret, 'utf-8'), pickled, hashlib.sha1,
+ ).hexdigest())
# Avoid timing attacks (see
# http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf)
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-17 16:50:30 +0000