Opened 12 years ago
Closed 12 years ago
#17225 closed Cleanup/optimization (duplicate)
Salt used for cookie-based sessions isn't consistent with module name
| Reported by: | Julien Phalip | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.sessions | Version: | |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The salt used for dumping/loading cookie-based sessions is 'django.contrib.sessions.backends.cookies':
It'd make more sense if it were 'django.contrib.sessions.backends.signed_cookies' to reflect the actual module name.
Change History (4)
comment:1 by , 12 years ago
| Description: | modified (diff) |
|---|---|
| Summary: | Salt → Salt used for cookie-based sessions isn't consistent with module name |
comment:2 by , 12 years ago
comment:3 by , 12 years ago
Yes, this "problem" really isn't a huge deal. If we don't make the change, then at least a comment could be added in the code, explaining that the inconsistency was kept for "backwards compatibility" reasons.
If one uses trunk in production then one should be aware that they're exposing themselves to occasional breakages. For that we reason then we could allow ourselves to make the change before 1.4 gets released.
comment:4 by , 12 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Changing this would break everyone's signed session cookies. This feature was added since 1.3, so we are still allowed to change it, but we might not want to for the sake of those following trunk.
The possibility of a future clash here is pretty minimal - it would only happen if we also add a django.contrib.sessions.backends.cookies module, which presumably would be a cookie backend without signing (what would we want that?), and then also change our mind and use signing with it after all!