diff MoinMoin/config/multiconfig.py @ 4628:3c6980b5e938

fix new session code. remove old session code. details below. Removed the old 1.8 session code (MoinMoin.session): * cfg.session_handler and session_id_handler are gone (use cfg.session_service) * cfg.anonymous_session_lifetime is gone (use cfg.cookie_lifetime) Fixed new 1.9 session code (MoinMoin.web.session): * cfg.cookie_lifetime is now a tuple (anon, loggedin), giving the lifetime of the cookie in hours, accepting floats, for anon sessions and logged in sessions. Default is (0, 12). 0 means not to use a session cookie (== not to establish a session) and only makes sense for anon users. * cfg.cookie_httponly is new and defaults to True. * when logging out, the session cookie is deleted. * more debug logging
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 07 Mar 2009 19:10:05 +0100
parents 619b1dacf4ee
children 268004c7b206
--- a/MoinMoin/config/multiconfig.py	Thu Mar 05 23:01:03 2009 +0100
+++ b/MoinMoin/config/multiconfig.py	Sat Mar 07 19:10:05 2009 +0100
@@ -23,7 +23,6 @@
 from MoinMoin.events import PageChangedEvent, PageRenamedEvent
 from MoinMoin.events import PageDeletedEvent, PageCopiedEvent
 from MoinMoin.events import PageRevertedEvent, FileAttachedEvent
-from MoinMoin import session
 import MoinMoin.web.session
 from MoinMoin.packages import packLine
 from MoinMoin.security import AccessControlList
@@ -697,22 +696,18 @@
 options_no_group_name = {
   # ==========================================================================
   'session': ('Session settings', "Session-related settings, see HelpOnSessions.", (
-    ('session_handler', DefaultExpression('session.DefaultSessionHandler()'),
-     "See HelpOnSessions."),
-    ('session_id_handler', DefaultExpression('session.MoinCookieSessionIDHandler()'),
-     "Only used by the DefaultSessionHandler, see HelpOnSessions."),
     ('session_service', DefaultExpression('web.session.FileSessionService()'),
-     "New session service (used by the new WSGI layer)"),
+     "The session service."),
     ('cookie_secure', None,
      'Use secure cookie. (None = auto-enable secure cookie for https, True = ever use secure cookie, False = never use secure cookie).'),
+    ('cookie_httponly', True,
+     'Use a httponly cookie that can only be used by the server, not by clientside scripts.'),
     ('cookie_domain', None,
      'Domain used in the session cookie. (None = do not specify domain).'),
     ('cookie_path', None,
      'Path used in the session cookie (None = auto-detect).'),
-    ('cookie_lifetime', 12,
-     'Session lifetime [h] of logged-in users (see HelpOnSessions for details).'),
-    ('anonymous_session_lifetime', None,
-     'Session lifetime [h] of users who are not logged in (None = disable anon sessions).'),
+    ('cookie_lifetime', (0, 12),
+     'Session lifetime [h] of (anonymous, logged-in) users (see HelpOnSessions for details).'),
   )),
   # ==========================================================================
   'auth': ('Authentication / Authorization / Security settings', None, (
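Review bot: The default of `cookie_lifetime` changes from a number to a two-element tuple with no type check visible in this hunk, so a wiki config that still sets `cookie_lifetime = 12` would hand a scalar to whatever code reads the tuple (that code is outside this hunk, so the failure mode is inferred). Likewise, a config that still sets the removed `anonymous_session_lifetime` would presumably be ignored silently, leaving anonymous sessions at the new default of 0 rather than the value the admin chose. I would validate the value where the config is loaded and state the contract in the help string, e.g. `'Session lifetime [h] of (anonymous, logged-in) users, as a tuple of numbers; 0 = do not set a session cookie (only sensible for anonymous users).'`. The `cookie_httponly` help text could also be more precise about what the flag does: `'Set the HttpOnly flag on the session cookie so that client-side scripts cannot read it.'`. The `options_no_group_name` dict continues past the end of this hunk.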