django-cookieless 0.7 : Python Package Index
django-cookieless 0.7
Django cookie free sessions optional decorator
Latest Version: 0.9
Django Cookieless
Ed Crewe - December 2012
Overview
This package provides a sessions implementation and decorator class for views to allow for forms to maintain state without using cookies by posting the session id between forms, or via urls.
Django requires cookies to maintain session, and hence for authorisation.
This package is designed to cater for anonymous user session maintenance, without cookies.
WARNING: There are security issues with this, since it is not possible to use CSRF protection without session cookies to maintain a separate token from that passed via the URL or form posts.
However, there are cases when forms are used on a public site where setting cookies is not desirable (due to privacy legislation), since technically they are not required for anonymous users to respond to forms. So cookies, if used, may necessitate requesting permission from the user to set them.
Hence this package was devised to allow django to deliver multipage forms, without using cookies.
To ameliorate the security implications, a whitelist of allowed domains can be set in the configuration.
Usage can also be restricted to a particular URL.
As another safety measure, handling of GET requests can be turned off, so that the encrypted session id is not present in any URLs.
Please NOTE: It is not advisable to use this package without some form of the above restrictions being in place.
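How the three restrictions above combine when deciding whether to honour a posted session id, as an added example that is not django-cookieless code. The names CookielessPolicy and session_id_from_request, the session_id field and the host forms.example.org are hypothetical, and matching the whitelist against the Referer host is an assumption of this sketch.

```python
# Added illustration: hypothetical names, not django-cookieless settings or API.
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class CookielessPolicy:
    allowed_hosts: frozenset   # whitelist of domains allowed to submit a session id
    allowed_path_prefix: str   # restrict cookieless sessions to one URL subtree
    allow_get: bool = False    # False keeps the session id out of URLs


def session_id_from_request(method, path, referer, get_params, post_params,
                            policy, field="session_id"):
    """Return the submitted session id if every restriction passes, else None
    (the caller would then start a fresh anonymous session)."""
    # URL restriction: only the configured subtree may use cookieless sessions.
    if not path.startswith(policy.allowed_path_prefix):
        return None
    # Domain whitelist (assumption: checked against the Referer host).
    host = urlsplit(referer or "").hostname
    if host is None or host.lower() not in policy.allowed_hosts:
        return None
    # GET handling off: an id carried in the query string is ignored.
    if method == "POST":
        return post_params.get(field)
    if method == "GET" and policy.allow_get:
        return get_params.get(field)
    return None


def demo():
    """Run constructed requests through a strict policy; returns the outcomes."""
    policy = CookielessPolicy(frozenset({"forms.example.org"}), "/survey/")
    good = "https://forms.example.org/survey/step1"
    sid = {"session_id": "abc123"}  # constructed sample value
    return [
        session_id_from_request("POST", "/survey/step2", good, {}, sid, policy),
        session_id_from_request("POST", "/survey/step2",
                                "https://other.example.net/x", {}, sid, policy),
        session_id_from_request("GET", "/survey/step2", good, sid, {}, policy),
        session_id_from_request("POST", "/account/", good, {}, sid, policy),
    ]
```

Only the first constructed request keeps its session; the foreign-origin post, the id carried in a URL and the request outside the restricted path are all treated as new anonymous sessions.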
For the purposes of using both cookie based and cookieless sessions together, there is a custom cookieless_signal(sender=request, created) and a 'no_cookies' flag when cookieless sessions are saved.
Both cater for hooking up custom code for handling these less secure sessions.
The package provides a decorator utility to turn off cookie setting for particular views (which also sets the csrf_exempt flag).
The package also handles the case of session handling for anonymous users with cookies disabled in the browser.
You can decorate views to prevent them setting cookies, whilst still retaining the use of Sessions. This is usually easiest to do in the urls.py of your core application:
>>> from django.conf.urls import patterns, url
>>> from cookieless.decorators import no_cookies
>>> urlpatterns = patterns('',
...     url(r'^view_function/(\d{1,6})$', no_cookies(view_function)),
...     url(r'^view_class/(\d{1,6})$', no_cookies(ViewClass.as_view())),
... )
Note that if a number of browser tabs are open on to a site with cookieless, they will each maintain a completely separate session, since without cookies the session is tied to the session posted from the pages accessed, not the client as a whole.
Where this is not the desired behaviour, it can be reduced by using URL rewriting so that any links which open other windows pass the session across. However, this also means that a session can potentially be shared across browsers, too.
Installation
To install, add the package via pip or another build tool, e.g. bin/pip install django-cookieless
Then replace the standard Session in the middleware settings:
>>> MIDDLEWARE_CLASSES = (
... 'django.middleware.gzip.GZipMiddleware',
... 'django.middleware.common.CommonMiddleware',
... 'django.middleware.transaction.TransactionMiddleware',
... # 'django.contrib.sessions.middleware.SessionMiddleware',
... 'cookieless.middleware.CookielessSessionMiddleware',
...)