Simon Willison’s Weblog

Subscribe
Atom feed for signedcookies

5 items tagged “signedcookies”

2009

Django ponies: Proposals for Django 1.2

I’ve decided to step up my involvement in Django development in the run-up to Django 1.2, so I’m currently going through several years worth of accumulated pony requests figuring out which ones are worth advocating for. I’m also ensuring I have the code to back them up—my innocent AutoEscaping proposal a few years ago resulted in an enormous amount of work by Malcolm and I don’t think he’d appreciate a repeat performance.

[... 1,674 words]

Adding signing (and signed cookies) to Django core. I’ve been increasing my participation in Django recently—here’s my proposal for adding signing and signed cookies to Django, which I’d personally like to see ship as part of Django 1.2.

# 24th September 2009, 7:31 pm / cookies, cryptography, django, security, signedcookies, signing

Towards a Standard for Django Session Messages. I completely agree that Django’s user.message_set (which I helped design) is unfit for purpose, but I don’t think sessions are the right solution for messages sent to users. A signed cookie containing either the full message or a key referencing the message body on the server is a much more generally useful solution as it avoids the need for a round trip to a persistent store entirely.

# 19th June 2009, 9:57 pm / cookies, django, flash, messages, python, sessions, signedcookies

2008

Django snippets: Sign a string using SHA1, then shrink it using url-safe base65. I needed a way to create tamper-proof URLs and cookies by signing them, but didn’t want the overhead of a full 40 character SHA1 hash. After some experimentation, it turns out you can knock a 40 char hash down to 27 characters by encoding it using a custom base65 encoding which only uses URL-safe characters.

# 27th August 2008, 10:18 pm / base65, cookies, cryptography, django, django-snippets, hashes, python, security, sha1, signedcookies, urls

2007

Crowdvine, iCalico, Pathable, a Study in Collusion. Stitching sites together around a single user database using subdomains and simple signed cookies.

# 12th July 2007, 11:09 pm / collusion, crowdvine, foocamp, icalico, kellan-elliott-mccrea, pathable, signedcookies, sso