
pyramid_beaker httponly and secure cookie

After a security report, I've been asked to provide a secure session cookie.

I am using pyramid_beaker.session_factory_from_settings() and was lucky(?) to be able to set the httponly with ('session.httponly', True), but ('session.secure', True) does not provide the second option.

Is it possible to do it?

Pointers to the different session.* settings much appreciated also.

EDIT: I found a list in beaker.utils.coerce_session_params()

Thanks.

EDIT: I think I got the problem. I am using in development:

        from wsgiref import simple_server  # stdlib plain-HTTP dev server

        http_server = simple_server.make_server('0.0.0.0', no_port, app)
        http_server.serve_forever()
So the cookie is not sent because I am not on HTTPS. I need to set up an HTTPS server for this.

Sorry, is there a question here? It sounds like you answered the original one and are now looking at making your development setup work under https? Personally I tend to worry about that only on my staging server (where nginx handles the certificates), but in my development.ini locally I do not make cookies secure.
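As an added example (not code from the question, the answer, or pyramid_beaker itself): a small check that inspects the Set-Cookie header an application emits, reports which of the HttpOnly/Secure attributes the security report asked for are missing, and models the browser rule behind the EDIT above, namely that a cookie carrying Secure is only returned on https:// requests. The header strings are constructed samples and the cookie name beaker.session.id is assumed to be beaker's default.

```python
# Added example, not part of the original thread or of pyramid_beaker.
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample headers, modelled on what a session middleware emits
# with and without session.httponly / session.secure enabled (assumption).
HEADER_HARDENED = "beaker.session.id=0123abcd; Path=/; HttpOnly; Secure"
HEADER_WEAK = "beaker.session.id=0123abcd; Path=/"

SESSION_COOKIE = "beaker.session.id"  # assumed beaker default cookie name


def cookie_flags(set_cookie_header, name=SESSION_COOKIE):
    """Parse one Set-Cookie header and return its security-relevant attributes."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = jar[name]
    return {
        "httponly": bool(morsel["httponly"]),
        "secure": bool(morsel["secure"]),
        "samesite": morsel.get("samesite") or None,
    }


def missing_flags(set_cookie_header, name=SESSION_COOKIE):
    """List the attributes a hardening review expects but the cookie lacks."""
    flags = cookie_flags(set_cookie_header, name)
    return [f for f in ("httponly", "secure") if not flags[f]]


def browser_would_send(set_cookie_header, request_url, name=SESSION_COOKIE):
    """Model the browser rule: a Secure cookie is only sent back over https,
    so a Secure session cookie on a plain-HTTP dev server is set but never
    returned, which looks like a broken session."""
    scheme = urlsplit(request_url).scheme
    if cookie_flags(set_cookie_header, name)["secure"]:
        return scheme == "https"
    return scheme in ("http", "https")


if __name__ == "__main__":
    for label, hdr in (("hardened", HEADER_HARDENED), ("weak", HEADER_WEAK)):
        print(label, cookie_flags(hdr), "missing:", missing_flags(hdr))
        for url in ("http://localhost:6543/", "https://example.test/"):
            print("  sent on", url, "->", browser_would_send(hdr, url))
```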

