1 # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
3 from ipsilon.util.log import Log
8 class SecureCookie(Log):
10 def __init__(self, name=None, value=None, maxage=None, expires=None):
12 self.name = str(uuid.uuid4())
16 self.secure = cherrypy.config.get('tools.sessions.secure', True)
17 self.httponly = cherrypy.config.get('tools.sessions.httponly', True)
19 self.expires = expires
22 def _get_cookie_attr(self, name):
23 return getattr(cherrypy.request.cookie[self.name], name, None)
25 def _set_cookie_attr(self, name, value):
26 if value is not None and value is not False:
27 cherrypy.response.cookie[self.name][name] = value
30 if self.name not in cherrypy.request.cookie:
33 self.value = cherrypy.request.cookie[self.name].value
34 self.path = self._get_cookie_attr('path')
35 self.secure = self._get_cookie_attr('secure')
36 self.httponly = self._get_cookie_attr('httponly')
37 self.maxage = self._get_cookie_attr('max-age')
38 self.expires = self._get_cookie_attr('expires')
41 if self.value is None:
42 raise ValueError('Cookie has no value')
43 if self.maxage is None and self.expires is not 0:
44 # 5 minutes should be enough ...
46 cherrypy.response.cookie[self.name] = str(self.value)
50 path = cherrypy.config.get('base.mount', '/')
51 self._set_cookie_attr('path', path)
52 self._set_cookie_attr('secure', self.secure)
53 self._set_cookie_attr('httponly', self.httponly)
54 self._set_cookie_attr('max-age', self.maxage)
55 self._set_cookie_attr('expires', self.expires)
56 self.debug('Cookie op: %s' % cherrypy.response.cookie[self.name])
60 self.debug('Deleting cookie %s' % self.name)
64 self.debug('Sending cookie %s' % self.name)