GitXplorerGitXplorer
b

beaker-session-jwt

public
0 stars
0 forks
0 issues

Commits

List of commits on branch main.
Unverified
b43d9941f0ce7c7c5d6192ae0a52635d5ed5e2ad

version 1.0.2

bbrondsem committed 9 days ago
Unverified
4a039c9dc52887b10c9f45d4c4d334d4d66dd47d

support python 3.13

bbrondsem committed 9 days ago
Verified
cada06f72c4493372cdab72c804a83f5adf07d80

Merge pull request #1 from brondsem/handle_bad_cookies

kkentontaylor committed 9 days ago
Unverified
12ba4d853e535e4a9eec2c7caf2d01d7c717901b

move some code so the try/except is around just the relevant part

bbrondsem committed 10 days ago
Unverified
e36dca02c77e14868361b72f2ff61018d7de3982

do some cookie pre-parsing to avoid BaseCookie from ignoring multiple cookies when one is bad

bbrondsem committed 10 days ago
Unverified
ceb0fa40fdd107bf59e4cf6ff790db3d0fac0592

release 1.0.1

bbrondsem committed a year ago

README

The README file for this repository.

A new signed-cookie implementation for Beaker Sessions

Features

  • so much safer than default Pickle serialization
  • serialize with BSON and compress, so more datatypes supported than JSON (optional)
  • multiple keys, so you can rotate them
  • stronger hash algorithm (SHA256)
  • backwards compatible reads/writes with original pickle-based beaker session cookies
  • JWT for signing (although not much else of JWT is implemented)

Install

pip install 'beaker-session-jwt'

Usage

See beaker docs for general implementation. Specify using this class:

from beaker_session_jwt import JWTCookieSession

app = SessionMiddleware(app, config, session_class=JWTCookieSession)

Additional config options

See Beaker docs for main config options, many of which apply to this class too.

  • jwt_secret_keys required. One or more comma-separated keys
    • generate a key with python -c 'import secrets; print(secrets.token_hex());'
    • multiple signing keys are supported, so you can rotate them. The first one in the list will be used for writing, the rest will be permitted for verifying.
  • bson_compress_jwt_payload default True
    • serializing with BSON and compressing with zlib, to allow for types like datetime, bytes, etc to be stored which JSON cannot store. This is stored all in a single JWT field, so JWT is hardly being used, just for signatures really
  • read_original_format default False
    • set to true to read original beaker signed cookies. Allows for backward compatibility and transition periods
    • after a transition period, make sure to set this back to False
  • original_format_validate_key required if read_original_format
  • original_format_data_serializer
  • original_format_remove_keys optional comma-separated list
    • if your old sessions have values that pickle supported, but don't work any more, list the session keys here. They will be removed but the rest of the session will be preserved.
  • write_original_format default False
    • set to true if you have many servers/processes and need to roll this out gradually. Then later set to False when all processes are ready.

Non-Features

  • no encrypted cookies (could be possible with JWT though)
  • JWT payload/claim fields (iss, sub, exp, etc) are not used or verified. Instead, this uses the fields that a beaker CookieSession has, for maximum backwards compatibility and simplicity.
  • pymongo/bson is always required even with bson_compress_jwt_payload=False

License

Apache License