entrouvert
/
debian-quixote3
17
0
Fork 0
Code Issues Pull Requests Releases Activity

Revise session-mgmt.txt, session ID format has changed.

This commit is contained in:
Neil Schemenauer 2017-11-23 09:51:25 -08:00
parent ad0f99505e
commit 3a590f58b8
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
doc/session-mgmt.txt
View File

@ -27,20 +27,20 @@ In a nutshell, session management with Quixote works like this:
* when a user-agent first requests a page from a Quixote application
that implements session management, Quixote creates a Session object
and generates a session ID (a random 64-bit number). The Session
and generates a session ID (a random 128-bit number). The Session
object is attached to the current HTTPRequest object, so that
application code involved in processing this request has access to
the Session object. The get_session() function provides uniform
access to the current Session object.
the Session object. The quixote.get_session() function provides
uniform access to the current Session object.
* if, at the end of processing that request, the application code has
stored any information in the Session object, Quixote saves the
session in its SessionManager object for use by future requests and
sends a session cookie, called ``QX_session`` by default, to the user.
The session cookie contains the session ID encoded as a hexadecimal
string, and is included in the response headers, eg. ::
The session cookie contains the session ID encoded as a URL-safe
base-64 string, and is included in the response headers, eg. ::
Set-Cookie: QX_session="928F82A9B8FA92FD"
Set-Cookie: QX_session="pJX1bU47T-6hbfjP2f5pPA"
(You can instruct Quixote to specify the domain and path for
URLs to which this cookie should be sent.)
@ -51,7 +51,7 @@ In a nutshell, session management with Quixote works like this:
cookie's domain and path, it includes the ``QX_session`` cookie
previously generated by Quixote in the request headers, eg.::
Cookie: QX_session="928F82A9B8FA92FD"
Cookie: QX_session="pJX1bU47T-6hbfjP2f5pPA"
* while processing the request, Quixote decodes the session ID and
looks up the corresponding Session object in its SessionManager. If
@ -166,7 +166,7 @@ For example, if the client requests ``/foo/bar/`` from
www.example.com, and Quixote decides that it must set the session
cookie in the response to that request, then the server would send ::
Set-Cookie: QX_session="928F82A9B8FA92FD"
Set-Cookie: QX_session="pJX1bU47T-6hbfjP2f5pPA"
in the response headers. Since no domain or path were specified with
that cookie, the browser will only include the cookie with requests to
@ -180,7 +180,7 @@ config file::
which will cause Quixote to set the cookie like this::
Set-Cookie: QX_session="928F82A9B8FA92FD"; Path="/"
Set-Cookie: QX_session="pJX1bU47T-6hbfjP2f5pPA"; Path="/"
which will instruct the browser to include that cookie with *all*
requests to www.example.com.