Use itsdangerous library to sign cookie #11
Conversation
src/secure_cookie/cookie.py
Outdated
|
|
||
| @classmethod | ||
| def _mac_unserialize(cls, string, secret_key): | ||
| warnings.warn("Obsolete serialization method used", DeprecationWarning) |
There was a problem hiding this comment.
This message needs to be more exact. Something like "Unserializing using the old scheme. This is deprecated and the fallback will be removed in version 2.0. Ensure cookies are re-serialized using the new ItsDangerous scheme."
Should also use stacklevel=3 or whatever level makes the error show where in user code caused it.
There was a problem hiding this comment.
I updated this part. The new string is longer than required by black so I added a # noqa comment to ignore it. If you prefer, I can extract it in a variable to reformat it.
I don't think it's necessary because the _mac_unserialize() method will disappear in a future release. What is your opinion about it?
|
Is this code similar to Flask's use of ItsDangerous for the session cookie? Haven't had a chance to compare yet. If not, we should identify how it's different and why here. |
|
The current added code for SecureCookieSessionInterface() class use classes from So I don't understand what needs to be compared. Could you give me some hints? |
northernSage
added
enhancement
This PR is about issue #6.
The previous serialization/deserialization is still in the code, until it will be removed in a another future release.
What do you think about it? Do you see improvements to add?
Perhaps the
itsdangerouslibrary version should be more restricted?