Issue #422 resolved

[patch] sessionfilter changes -- tickets 289, 406, 408, 412, 416, ...

created an issue

The attached patch addresses sessionfilter issues brought up in #289, #406, #408, and #412.

The patch modifies the sessionfilter to allow users to provide their own methods to generate session IDs and to modify such IDs before storing them in cookies presented to the user. These methods are to be implemented in user-provided sessionStorage classes (session_filter.storage_class). The default storage types have been modified to support these methods, but their behavior is largely unchanged.

The patched sessionfilter should be backward-compatible with user-provided storage classes which do not implement the new methods (i.e., the sessionfilter will continue to behave the same way).

Some configuration parameters were also added (cookie domain, path, ...).

Comments (5)

  1. Log in to comment