Issue #173 resolved

Make session id generator configurable

Sylvain Hellegouarch
created an issue

The sessionfilter has the following function :



def generateSessionId(): s = '' for i in xrange(50): s += random.choice(string.letters + string.digits) s += '%s' % time.time() return sha.sha(s).hexdigest() }}}

It'll be nice if we could configure it a bit. Like for instance being able to specify which encryption to use (sha, md5, etc.) And maybe being able to totally change the way it computes an id.

I'm not sure how realistic this is though.

Besides that, it is quite bad to do a string concatenation. We should build up a list and simply apply join on it at the end.

Comments (4)

  1. Robert Brewer

    I'll fix the concatenation issue in the next revision.

    Developers can replace generateSessionId, either statically or dynamically, if they want some other strategy.

  2. Sylvain Hellegouarch reporter


    Though I still think that we could have the option of the encryption like this :

    encyption = cpg.config.get('session.encryption', 'sha')
    if encryption == 'md5': 
    return sha.sha(s).hexdigest()
  3. Anonymous

    Loop issue has beend fixed in changeset 291

    The encryption choice issue is not so much needed. Let's close it for now on. sha encryption is very good.

  4. Log in to comment