Hi,
In my yet-to-be-released version of M2Crypto, I've implemented a module
called AuthCookie which creates and verifies unforgeable HMAC'ing cookies,
based on the scheme described at http://cookies.lcs.mit.edu/.
I wrote this module because I need it for an application I am building in
Webware.
The problem I am facing is line 94 of HTTPResponse.py (in Webware 0.6):
assert isinstance(cookie, Cookie)
The AuthCookie instance I'm trying to add to a given HTTPResponse object
fails the assertion.
Of course, I can comment that line out in my application easily, but this
creates a maintenance issue.
My AuthCookie module implements two classes: AuthCookieJar and AuthCookie.
An AuthCookieJar object makes and verifies AuthCookie instances using its
secret HMAC keys.
A quick browse of WebKit.Cookie makes me believe it is non-trivial to
refactor it to accommodate my AuthCookie module.
1. Tell me it ain't so. ;-)
2. What do you suggest?
3. I understand the benefits of sprinkling assertions in library/framework
code liberally. Unfortunately, sometimes an assertion causes components in
the framework to be coupled more tightly than necessary and makes the
framework harder to extend. Perhaps the architecture is calling out to be
refactored with facade/strategy/whatnot patterns.
I've actually built a directory structure to create WKAuthCookie as a
plug-in for WebKit, but I'm feeling a little sleepy so I decide to write
this note instead of code. ;-)
If anyone wants to look at AuthCookie, give me a shout.
Cheers.
--
Ng Pheng Siong <[EMAIL PROTECTED]> * http://www.netmemetic.com
_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
