Some time ago, I created a Signed Cookies middleware for Django, allowing views to transparently sign and validate cookies. With recent developments on django-developers, it was best to create a separate project for it, rather than maintain it as a ticket.
With that in mind, I created a Google Code project for this application. For those who haven’t been following its progress, I’ll list some of its features:
-
A middleware to do everything automatically
- Signs outgoing cookies
- Validates incoming cookies
- Removes the signature from incoming cookies (so your views get the cookie as it was originally set)
- Invalid cookies are silently stripped from the request, as if they had never existed
- Utilities to manually generate signed cookie values, for greater control
- Relies on existing data (such as settings.SECRET_KEY), so required additions to your project are minimal
So with that in mind, if you happen to need signed cookies for a Django app, feel free to check it out and let me know what you think. And, as always, leave me a ticket if you find anything problematic.
Comments
Speak up!