Encrypting a cookie in Django

Starting with Django 1.4, we now get free cryptographic signing if we use the cookie-based backend for session storage, which is great. However, what if I want to store potentially sensitive information in the session? Ideally, I would encrypt it as well.

Here is a real use case: I want to store a temporary token in the session that allows me to issue requests against another service (this token expires after an hour of inactivity). Without encryption, anyone could get this token and issue the requests themselves, which I'd like to avoid.

I realize I can just encrypt/decrypt myself when I put it into the session, but I was wondering if there was a way to do this automatically for the cookie-based session storage. Does anyone have any ideas?

Answers


You should inherit from the signed session store and make it use your own versions of signing.dumps and signing.loads, which will, for example, encrypt the pickled string with any necessary algo (and decrypt it before de-pickling).
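An added example, not part of the original answer: instead of subclassing the store, it plugs an encrypting serializer into `SESSION_SERIALIZER`, which the signed-cookie backend hands to `signing.dumps`/`signing.loads`, so the payload is encrypted before it is signed. It assumes a Django version that has the `SESSION_SERIALIZER` setting, the `cryptography` package, and a hypothetical `SESSION_ENCRYPTION_KEYS` environment variable and `myapp.serializers` module path.

```python
import json
import os

from cryptography.fernet import Fernet, MultiFernet

# Assumption: keys live in a hypothetical environment variable, comma-separated,
# newest first, each one produced by Fernet.generate_key().
KEYS_ENV = "SESSION_ENCRYPTION_KEYS"


def _cipher():
    raw = os.environ.get(KEYS_ENV, "")
    keys = [k.strip() for k in raw.split(",") if k.strip()]
    if not keys:
        # Fail closed: never fall back to writing the session unencrypted.
        raise RuntimeError(f"{KEYS_ENV} is not set; refusing to serialize sessions")
    # MultiFernet encrypts with the first key and tries every key on decrypt,
    # so a key can be rotated without invalidating existing cookies.
    return MultiFernet([Fernet(k) for k in keys])


class EncryptedJSONSerializer:
    """Serializer with the dumps()/loads() interface django.core.signing expects."""

    def dumps(self, obj):
        plaintext = json.dumps(obj, separators=(",", ":")).encode("utf-8")
        return _cipher().encrypt(plaintext)  # bytes, authenticated ciphertext

    def loads(self, data):
        # cryptography.fernet.InvalidToken is raised for a wrong key or a
        # modified ciphertext; the caller must treat that as "no session".
        return json.loads(_cipher().decrypt(data).decode("utf-8"))


# settings.py, shown as comments so this block runs without Django:
# SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
# SESSION_SERIALIZER = "myapp.serializers.EncryptedJSONSerializer"  # hypothetical path
```

Encrypted sessions are larger than plain ones, so keep the payload small enough for the roughly 4 KB browser cookie limit.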

