Nope. I know it was created for a client of Agendaless, and I know it exists. I 
have not used it because I don’t store secret data in cookies, so using the 
signed factory one is easier and didn’t require additional crypto libraries to 
be added to my stack.

> On Nov 30, 2023, at 15:26, Jonathan Vanasco <jvana...@gmail.com> wrote:
> 
> Wow. This looks great. I wish I knew about it sooner.
> 
> Digging into the code, there was a PR to split things out and support JSON 
> serialization – however there are no unit tests covering this or docs for it. 
>  @Delta do you know of any public examples of this usage?  If so I'd be happy 
> to play around with it and generate a PR for unit tests.
> 
> I often manually generate and read encrypted cookies, which can be a chore.  
> This would be incredibly useful to me in a few projects.
> 
> On Thursday, November 30, 2023 at 2:48:03 PM UTC-5 Delta Regeer wrote:
>> Use 
>> https://docs.pylonsproject.org/projects/pyramid-nacl-session/en/latest/usage.html
>> 
>> It encrypts the session that is stored in the cookie with NACL. No longer is 
>> the content of the cookie something that an attacker can read/do anything 
>> with.
>> 
>> 
>> 
>>> On Nov 28, 2023, at 12:12, Scott Lawton <scott.s...@gmail.com> wrote:
>>> 
>> 
>>> Some followup:
>>> - https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html
>>>   has a big section in red: 'By default the SignedCookieSessionFactory() 
>>>   <https://docs.pylonsproject.org/projects/pyramid/en/latest/api/session.html#pyramid.session.SignedCookieSessionFactory>
>>>   implementation contains the following security concerns:
>>> 
>>> ... which seems to argue against session, but maybe doesn't apply to 
>>> access/refresh tokens? And/or maybe setting the cookie like we do isn't any 
>>> better?
>>> 
>>> We also tried to follow 
>>> https://docs.pylonsproject.org/projects/pyramid/en/latest/whatsnew-2.0.html#upgrading-auth-20
>>>  ... but not sure we did so correctly. That's what we're looking for 
>>> feedback!
>>> 
>>> Scott
>>> 
>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "pylons-discuss" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to pylons-discus...@googlegroups.com <>.
>> 
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/pylons-discuss/2dedd1e5-cffc-45c4-84b6-ebb142a68368n%40googlegroups.com
>>>  
>>> <https://groups.google.com/d/msgid/pylons-discuss/2dedd1e5-cffc-45c4-84b6-ebb142a68368n%40googlegroups.com?utm_medium=email&utm_source=footer>.
>> 
> 
> 


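An added illustration, not part of the thread and not Pyramid's actual cookie format: a simplified HMAC-signed cookie built with the standard library shows the distinction discussed above. Signing lets the server reject a modified cookie, but anyone holding the cookie can still read its contents, which is why secrets such as access/refresh tokens call for an encrypting session factory instead. All function names and sample values here are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_cookie(session: dict, secret: bytes) -> str:
    """Cookie value = b64(JSON payload) + "." + b64(HMAC-SHA256 over payload)."""
    payload = json.dumps(session, sort_keys=True).encode()
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)

def read_without_secret(cookie: str) -> dict:
    """Anyone holding the cookie can decode the payload; no key is involved."""
    return json.loads(_unb64(cookie.split(".", 1)[0]))

def verify_cookie(cookie: str, secret: bytes):
    """Server side: return the session if the MAC checks out, else None."""
    try:
        payload_b64, mac_b64 = cookie.split(".", 1)
        payload, mac = _unb64(payload_b64), _unb64(mac_b64)
    except ValueError:  # missing separator or invalid base64
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(payload)

def edit_payload(cookie: str, **changes) -> str:
    """Re-encode a modified payload while keeping the old MAC (no secret)."""
    payload_b64, mac_b64 = cookie.split(".", 1)
    session = json.loads(_unb64(payload_b64))
    session.update(changes)
    return _b64(json.dumps(session, sort_keys=True).encode()) + "." + mac_b64

SECRET = b"constructed-server-secret"  # constructed sample values
SESSION = {"user": "alice", "access_token": "constructed-token-123"}

if __name__ == "__main__":
    cookie = sign_cookie(SESSION, SECRET)
    print("readable without key:", read_without_secret(cookie))
    print("verified by server:  ", verify_cookie(cookie, SECRET))
    print("after client edit:   ", verify_cookie(edit_payload(cookie, user="admin"), SECRET))
```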