using collective.captcha from a CMFFormController validator
Martijn Pieters
mj at zopatista.com
Tue Nov 20 21:26:02 UTC 2007
On Nov 20, 2007 6:25 PM, David Glick <davidglick at onenw.org> wrote:
> Aha, I see it. Because verify() calls expireCookie, the cookie's
> expiration date is in the past even after the new cookie gets set (b/c
> setCookie just updates a dictionary of cookie parameters, one of which
> is the expiration date). So if you explicitly put in a new expiration
> date when you call setCookie in _generate_session(), that should fix
> things as well.
Good catch! However, a max-age is also set, so I now explicitly delete
the cookie first before setting it. Patch below.
I'll check that in tomorrow, together with a test update, and release
version 1.1.
Index: /Users/mj/Development/SVN/Nortek/website/development/src/collective.captcha/collective/captcha/browser/captcha.py
===================================================================
--- /Users/mj/Development/SVN/Nortek/website/development/src/collective.captcha/collective/captcha/browser/captcha.py (revision
54158)
+++ /Users/mj/Development/SVN/Nortek/website/development/src/collective.captcha/collective/captcha/browser/captcha.py (working
copy)
@@ -50,8 +50,14 @@
"""Ensure a session id exists"""
if self._session_id is None:
id = sha.new(str(random.randrange(sys.maxint))).hexdigest()
- self.request.response.setCookie(COOKIE_ID, id, path='/')
self._session_id = id
+
+ resp = self.request.response
+ if COOKIE_ID in resp.cookies:
+ # clear the cookie first, clearing out any expiration cookie
+ # that may have been set during verification
+ del resp.cookies[COOKIE_ID]
+ resp.setCookie(COOKIE_ID, id, path='/')
def _generate_words(self):
"""Create words for the current session
--
Martijn Pieters
More information about the Product-Developers
mailing list