Mercurial > kallithea
comparison development.ini @ 5400:6257de126ec7
docs: improve documentation of beaker session configuration
beaker.session.auto is dropped; it defaults to false and there is no reason to
ever set it true for Kallithea.
beaker.session.cookie_path and secure are dropped; like cookie_domain, they
should automatically be set to the right value.
* * *
beaker.session.cookie_expires MUST have the default value of True to provide the default value of 'browser session lifetime' when not enabling 'remember' in the login box. The cookie life is hardcoded to 365 days when remember is selected.
| author | Mads Kiilerich <madski@unity3d.com> |
|---|---|
| date | Mon, 17 Aug 2015 01:11:42 +0200 |
| parents | 4610a39d3be9 |
| children | 2079e864ce51 |
comparison
equal
deleted
inserted
replaced
| 5399:4610a39d3be9 | 5400:6257de126ec7 |
|---|---|
| 351 beaker.cache.sql_cache_short.key_length = 256 | 351 beaker.cache.sql_cache_short.key_length = 256 |
| 352 | 352 |
| 353 #################################### | 353 #################################### |
| 354 ### BEAKER SESSION #### | 354 ### BEAKER SESSION #### |
| 355 #################################### | 355 #################################### |
| 356 | |
| 357 ## Name of session cookie. Should be unique for a given host and path, even when running | |
| 358 ## on different ports. Otherwise, cookie sessions will be shared and messed up. | |
| 359 beaker.session.key = kallithea | |
| 360 ## Sessions should always only be accessible by the browser, not directly by JavaScript. | |
| 361 beaker.session.httponly = true | |
| 362 ## Session lifetime. 2592000 seconds is 30 days. | |
| 363 beaker.session.timeout = 2592000 | |
| 364 | |
| 365 ## Server secret used with HMAC to ensure integrity of cookies. | |
| 366 beaker.session.secret = development-not-secret | |
| 367 ## Further, encrypt the data with AES. | |
| 368 #beaker.session.encrypt_key = <key_for_encryption> | |
| 369 #beaker.session.validate_key = <validation_key> | |
| 370 | |
| 356 ## Type of storage used for the session, current types are | 371 ## Type of storage used for the session, current types are |
| 357 ## dbm, file, memcached, database, and memory. | 372 ## dbm, file, memcached, database, and memory. |
| 358 ## The storage uses the Container API | 373 |
| 359 ## that is also used by the cache system. | 374 ## File system storage of session data. (default) |
| 360 | 375 #beaker.session.type = file |
| 361 ## db session ## | 376 |
| 377 ## Cookie only, store all session data inside the cookie. Requires secure secrets. | |
| 378 #beaker.session.type = cookie | |
| 379 | |
| 380 ## Database storage of session data. | |
| 362 #beaker.session.type = ext:database | 381 #beaker.session.type = ext:database |
| 363 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea | 382 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea |
| 364 #beaker.session.table_name = db_session | 383 #beaker.session.table_name = db_session |
| 365 | |
| 366 ## encrypted cookie client side session, good for many instances ## | |
| 367 #beaker.session.type = cookie | |
| 368 | |
| 369 ## file based cookies (default) ## | |
| 370 #beaker.session.type = file | |
| 371 | |
| 372 ## beaker.session.key should be unique for a given host, even when running | |
| 373 ## on different ports. Otherwise, cookie sessions will be shared and messed up. | |
| 374 beaker.session.key = kallithea | |
| 375 beaker.session.secret = development-not-secret | |
| 376 | |
| 377 ## Secure encrypted cookie. Requires AES and AES python libraries | |
| 378 ## you must disable beaker.session.secret to use this | |
| 379 #beaker.session.encrypt_key = <key_for_encryption> | |
| 380 #beaker.session.validate_key = <validation_key> | |
| 381 | |
| 382 ## sets session as invalid if it haven't been accessed for given amount of time | |
| 383 beaker.session.timeout = 2592000 | |
| 384 beaker.session.httponly = true | |
| 385 #beaker.session.cookie_path = /<your-prefix> | |
| 386 | |
| 387 ## uncomment for https secure cookie | |
| 388 beaker.session.secure = false | |
| 389 | |
| 390 ## auto save the session to not to use .save() | |
| 391 beaker.session.auto = False | |
| 392 | |
| 393 ## default cookie expiration time in seconds `true` expire at browser close ## | |
| 394 #beaker.session.cookie_expires = 3600 | |
| 395 | 384 |
| 396 ############################ | 385 ############################ |
| 397 ## ERROR HANDLING SYSTEMS ## | 386 ## ERROR HANDLING SYSTEMS ## |
| 398 ############################ | 387 ############################ |
| 399 | 388 |