path: root/docs/narr/sessions.rst
Age | Commit message | Author
2020-11-28 | add examples for upgrading | Michael Merickel
2019-11-05 | typo and tabs | jonathan vanasco
2019-11-05 | fixed rst; migrated some inline references to the docs | jonathan vanasco
2019-11-05 | changes based on feedback | jonathan vanasco
2019-11-05 | deprecate PickleSerializer | jonathan vanasco
2018-11-03 | fix wording | Bert JW Regeer
Co-Authored-By: mmerickel <github@m.merickel.org>
2018-11-03 | change to use JSONSerializer for SignedCookieSessionFactory | Michael Merickel
2018-09-25 | show how to use the serializer | Michael Merickel
2018-09-16 | ref after index apparently | Michael Merickel
2018-09-16 | tweak some docs | Michael Merickel
2018-09-16 | deprecate pickleable sessions, recommend json | Michael Merickel
2018-09-04 | fix spelling error | Stephen Martin
2018-09-04 | clarify session factory warnings | Stephen Martin
2018-08-18 | Clean up code-blocks in sessions | Steve Piercy
2018-04-24 | link to pypi.org | Michael Merickel
2017-06-27 | Update all external links per `make linkcheck` | Steve Piercy
- Most are changing http to https, or readthedocs.org to readthedocs.io, and some for Python packaging reorganizing some docs into tutorials, as well as miscellaneous changes.
2017-04-26 | Apply drafting changes to documentation. | Matthew Wilkes
2017-04-12 | Fix tests and documentation in various places, and feedback following review regarding naming of variables and code cleanup. | Jure Cerjak
2017-04-12 | Create a new ICSRF implementation for getting CSRF tokens, split out from the session machinery. Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updated CSRF implementation. | Matthew Wilkes
2016-10-06 | Add pyramid_nacl_session to session factories | Steve Piercy
- closes #2791
2016-04-24 | Allow Sphinx doctests to run and pass with `make doctest SPHINXBUILD=$VENV/bin/sphinx-build`. | Steve Piercy
- TODO: two tests in `docs/narr/hooks.rst`
2016-04-24 | update bad link | Steve Piercy
2016-04-19 | replace pyramid.require_default_csrf setting with config.set_default_csrf_options | Michael Merickel
2016-04-16 | In addition to CSRF token, verify the origin too | Donald Stufft
Add an additional layer of protection against CSRF by verifying the actual origin of the request in addition to the CSRF token. We only do this check on sites hosted behind HTTPS because only HTTPS sites have evidence to show that the Referrer header is not being spuriously removed by random middleware boxes.
2016-04-15 | Have Automatic CSRF on all unsafe HTTP methods | Donald Stufft
Instead of only protecting against unsafe POST requests, have the automatic CSRF protect on all methods which are not defined as "safe" by RFC2616.
2016-04-15 | Only Accept CSRF Tokens in headers or POST bodies | Donald Stufft
Previously `check_csrf_token` would allow passing in a CSRF token in through the URL of a request. However this is a security issue because a CSRF token must not be allowed to leak, and URLs regularly get copy/pasted or otherwise end up leaking to the outside world.
2016-04-10 | cleanup some references in the docs | Michael Merickel
2016-04-10 | deprecate the check_csrf predicate | Michael Merickel
2016-04-10 | rewrite csrf checks to support a global setting to turn it on | Michael Merickel
- only check csrf on POST
- support "pyramid.require_default_csrf" setting
- support "require_csrf=True" to fallback to the global setting to determine the token name
2015-10-16 | minor grammar, rewrap 79 cols | Steve Piercy
(cherry picked from commit a18960a)
2015-05-31 | - update testing and templating remarks | Steve Piercy
- grammar, punctuation, 79-column rewrapping, case corrections
2015-05-30 | Added notes on check_csrf view predicate. Also it is an add_view parameter, not add_route. | Kiss György
2015-01-07 | Provide a ref to check_csrf_token | Pavlo Kapyshin
2015-01-07 | Fix rendering | Pavlo Kapyshin
2014-02-10 | - Update list of session packages | Steve Piercy
- Update Quick Tour section on sessions
- Closes PR #1150
2013-10-19 | Merge branch 'master' into feature.signed-cookie-session | Michael Merickel
2013-10-19 | update the docs | Michael Merickel
2013-10-17 | fix documentation for csrf checking | Michael Merickel
2013-10-02 | fix the docs build and get rid of stray references to Beaker | Chris McDonough
2013-10-02 | Merge pull request #1138 from kpinc/doc_session | Chris McDonough
Docs: sessions.rst: Explain example.
2013-10-02 | Docs: sessions.rst: Sessions only work when the client cooperates. | Karl O. Pinc
2013-10-02 | - Removed mention of ``pyramid_beaker`` from docs. Beaker is no longer maintained. Point people at ``pyramid_redis_sessions`` instead. | Chris McDonough
2013-10-02 | Docs: sessions.rst: Explain example. | Karl O. Pinc
2013-08-13 | Merge remote-tracking branch 'origin/master' into docs.gettingstarted | Paul Everitt
Conflicts: docs/index.rst docs/latexindex.rst setup.py
2013-08-12 | All wrapped up, pre-merge. | Paul Everitt
2013-08-06 | add redis session mention | Chris McDonough
2013-06-04 | Add examples to narrative CSRF docs | Luke Cyca
2013-06-02 | Edited narrative docs about CSRF | Luke Cyca
2013-03-23 | no need to qualify Python interactive sessions | Tshepang Lekhonkhobe
Sphinx automatically notices them as Python snippets and gives them syntax highlighting. These snippets are also too short to deserve linenos.
2013-01-29 | pluralize | Tshepang Lekhonkhobe