Attachment 'httponlyfix.patch'
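--- a/MoinMoin/session.py
+++ b/MoinMoin/session.py
@@ -301,11 +301,14 @@
 SessionIDHandler.__init__(self)
 self.cookie_name = cookie_name
 
- def _make_cookie(self, request, cookie_name, cookie_string, maxage, expires):
+ def _make_cookie(self, request, cookie_name, cookie_string, maxage, expires, http_only=False):
 """ create an appropriate cookie """
 cookie = Cookie.SimpleCookie()
 cfg = request.cfg
 cookie[cookie_name] = cookie_string
+ if http_only:
+ try: cookie[cookie_name]['httponly']=True
+ except Cookie.CookieError: pass
 cookie[cookie_name]['max-age'] = maxage
 if cfg.cookie_domain:
 cookie[cookie_name]['domain'] = cfg.cookie_domain
@@ -324,11 +327,11 @@
 cookie[cookie_name]['secure'] = True
 return cookie.output()
 
- def _set_cookie(self, request, cookie_string, expires):
+ def _set_cookie(self, request, cookie_string, expires, http_only=False):
 """ Set cookie, raw helper. """
 lifetime = int(expires - time.time())
 cookie = self._make_cookie(request, self.cookie_name, cookie_string,
- lifetime, expires)
+ lifetime, expires, http_only)
 # Set cookie
 request.setHttpHeader(cookie)
 # IMPORTANT: Prevent caching of current page and cookie
@@ -336,7 +339,7 @@
 
 def set(self, request, session_name, expires):
 """ Set moin_session cookie """
- self._set_cookie(request, session_name, expires)
+ self._set_cookie(request, session_name, expires, http_only=True)
 logging.debug("setting cookie with session_name %r, expiry %r" % (session_name, expires))
 
 def get(self, request):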
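Review bot: In `_make_cookie`, the added `except Cookie.CookieError: pass` silently drops the HttpOnly attribute whenever the `Cookie` module rejects it, so on such an interpreter the session cookie is still sent readable by page scripts and nothing records that the hardening did not apply. At minimum log the failure, e.g. `except Cookie.CookieError: logging.warning("Cookie module rejected 'httponly'; session cookie sent without HttpOnly")`, so operators can tell from the logs which deployments are unprotected. `http_only` also defaults to `False` in both `_make_cookie` and `_set_cookie`, so any caller other than `set` (none are visible in these hunks) keeps emitting cookies without the flag; defaulting to `True` would make the safe behaviour the default. The body of `_make_cookie` continues outside the first hunk, so how the `secure` attribute is gated cannot be checked from here.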