/usr/share/doc/python-werkzeug-doc/html/_sources/contrib/securecookie.rst.txt is in python-werkzeug-doc 0.14.1+dfsg1-1.
This file is owned by root:root, with mode 0o644.

=============
Secure Cookie
=============

.. automodule:: werkzeug.contrib.securecookie

Security
========

The default implementation uses Pickle because it was the only serialization
module available in the standard library when this module was created.
If you have simplejson available it's strongly recommended to create a
subclass and replace the serialization method::

    import json
    from werkzeug.contrib.securecookie import SecureCookie

    class JSONSecureCookie(SecureCookie):
        # any object with dumps()/loads() works; json replaces pickle here
        serialization_method = json

The weakness of Pickle is that if someone gains access to the secret key,
the attacker can not only modify the session but also execute arbitrary
code on the server.
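
The difference between the two serializers, as an added example that is not part of the Werkzeug documentation or code base. It is a stand-alone signed-cookie codec: the ``mac.body`` wire format, ``KEY``, ``Probe`` and the function names are assumptions made for illustration and are not ``SecureCookie``'s own format. ``Probe`` is a harmless stand-in whose pickle stream names the built-in ``len``.

```python
import base64
import hashlib
import hmac
import json
import pickle

KEY = b"constructed-demo-key"  # constructed sample secret, not a real key


def _mac(key, body):
    return base64.urlsafe_b64encode(hmac.new(key, body, hashlib.sha256).digest())


def encode(data, key, serializer):
    """Serialize, then sign. Hypothetical wire format: mac.body (base64)."""
    raw = serializer.dumps(data)
    if isinstance(raw, str):  # json returns str, pickle returns bytes
        raw = raw.encode("utf-8")
    body = base64.urlsafe_b64encode(raw)
    return _mac(key, body) + b"." + body


def decode(cookie, key, serializer):
    """Verify the MAC in constant time, and only then deserialize."""
    mac, sep, body = cookie.partition(b".")
    if not sep or not hmac.compare_digest(mac, _mac(key, body)):
        return None  # tampered, or signed with a different key
    try:
        return serializer.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # bad base64, bad UTF-8 or invalid JSON
        return None


class Probe:
    """Harmless stand-in: its pickle stream names a callable to run on load."""
    def __reduce__(self):
        return (len, ("abc",))


def demo():
    signed_by_key_holder = encode(Probe(), KEY, pickle)
    return {
        # pickle calls len("abc") while loading: the cookie chose the callable
        "pickle": decode(signed_by_key_holder, KEY, pickle),
        # the same validly signed bytes are not JSON, so they are rejected
        "json": decode(signed_by_key_holder, KEY, json),
        "json_roundtrip": decode(encode({"user": "alice"}, KEY, json), KEY, json),
        "wrong_key": decode(encode({"user": "alice"}, KEY, json), b"other", json),
    }
```

With the JSON serializer, a holder of the key can still forge session contents, but the result of loading is limited to plain JSON data types.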

Reference
=========

.. autoclass:: SecureCookie
   :members:

   .. attribute:: new

      `True` if the cookie was newly created, otherwise `False`.

   .. attribute:: modified

      Whenever an item on the cookie is set, this attribute is set to `True`.
      However, this does not track modifications inside mutable objects
      in the cookie:

      >>> c = SecureCookie()
      >>> c["foo"] = [1, 2, 3]
      >>> c.modified
      True
      >>> c.modified = False
      >>> c["foo"].append(4)
      >>> c.modified
      False

      In that situation `modified` has to be set to `True` by hand so that
      :attr:`should_save` can pick it up.

.. autoexception:: UnquoteError