and confirmed, you can store a limited amount of data, after that the session remains the same (~a dict with 80 keys, 10 chars length both for keys and values)

to reproduce:

    # web2py controller (Python 2); `session` is provided by the framework
    import string

    def test():
        key = session.counter or 0
        session['counter'] = key + 1
        session[key] = string.letters
        return dict(counter=session.counter, s=session)

at the 28th request nothing goes on.
Even worse for logged-in users: at the 18th request the cookie is full.
Even worse (if possible) if you hit the page 20 times, then try to log in.... nothing happens, because it's already full.

So, if you use session cookies, don't even imagine storing something in that (other than VERY small fragments)

On Tuesday, October 16, 2012 10:30:59 PM UTC+2, Niphlod wrote:
>
> always goes into an exception, and the bug is that the IV key must be 16 bytes.
> secure_dumps is padding the key to 32 (correct) but using key as well for
> the IV argument.
>
> On Tuesday, October 16, 2012 1:24:00 PM UTC+2, Massimo Di Pierro wrote:
>>
>> This is new in trunk and needs to be tested. Add this to your app:
>>
>> session.connect(cookie_key='mypassphrase')
>>
>> and sessions will be stored in cookies (like Flask does). Cookies are
>> encrypted with AES 32bites and signed with HMAC+SHA1.
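
An added example, not part of the thread and not web2py's code: a standard-library size check that replays the controller above and reports the request on which an encrypted, signed session cookie would stop fitting. The 4096-byte limit, the cookie layout (hex HMAC-SHA1, ':', base64 of a 16-byte IV plus AES-CBC ciphertext with PKCS#7 padding), pickle protocol 2 and all function names are assumptions; no encryption is performed, only the resulting length is computed.

```python
import pickle
import string

COOKIE_LIMIT = 4096   # assumed per-cookie byte limit, typical for browsers
AES_BLOCK = 16        # AES block size, which is also the CBC IV size
HMAC_SHA1_HEX = 40    # length of a hex-encoded HMAC-SHA1 tag


def sealed_size(plaintext_len):
    """Length of the cookie value for a payload of plaintext_len bytes.

    Assumed layout: hexmac ':' base64(IV || AES-CBC(padded payload)).
    """
    padded = (plaintext_len // AES_BLOCK + 1) * AES_BLOCK  # PKCS#7 adds 1..16 bytes
    raw = AES_BLOCK + padded                               # the IV travels with the ciphertext
    b64 = 4 * ((raw + 2) // 3)                             # base64 turns 3 bytes into 4 chars
    return HMAC_SHA1_HEX + 1 + b64


def fits_in_cookie(session, limit=COOKIE_LIMIT):
    """True if the pickled session still fits once encrypted, encoded and signed."""
    return sealed_size(len(pickle.dumps(session, protocol=2))) <= limit


def requests_until_full(value, limit=COOKIE_LIMIT, max_requests=10000):
    """Replay the thread's controller; return the first request that overflows."""
    session = {}
    for request_no in range(1, max_requests + 1):
        key = session.get("counter", 0)
        session["counter"] = key + 1
        # Constructed: a distinct value per request, so pickle cannot
        # replace repeats with short back-references.
        session[key] = "%s%04d" % (value, key)
        if not fits_in_cookie(session, limit):
            return request_no
    return None


if __name__ == "__main__":
    n = requests_until_full(string.ascii_letters)
    print("cookie overflows on request", n)
```

Calling `fits_in_cookie` before the cookie is written lets an application fail loudly or fall back to server-side storage when the session no longer fits.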