using collective.captcha from a CMFFormController validator

Martijn Pieters mj at zopatista.com
Tue Nov 20 21:26:02 UTC 2007


On Nov 20, 2007 6:25 PM, David Glick <davidglick at onenw.org> wrote:
> Aha, I see it.  Because verify() calls expireCookie, the cookie's
> expiration date is in the past even after the new cookie gets set (b/c
> setCookie just updates a dictionary of cookie parameters, one of which
> is the expiration date).  So if you explicitly put in a new expiration
> date when you call setCookie in _generate_session(), that should fix
> things as well.

Good catch! However, a max-age is also set, so I now explicitly delete
the cookie first before setting it. Patch below.

I'll check that in tomorrow, together with a test update, and release
version 1.1.

Index: /Users/mj/Development/SVN/Nortek/website/development/src/collective.captcha/collective/captcha/browser/captcha.py
===================================================================
--- /Users/mj/Development/SVN/Nortek/website/development/src/collective.captcha/collective/captcha/browser/captcha.py	(revision
54158)
+++ /Users/mj/Development/SVN/Nortek/website/development/src/collective.captcha/collective/captcha/browser/captcha.py	(working
copy)
@@ -50,8 +50,14 @@
         """Ensure a session id exists"""
         if self._session_id is None:
             id = sha.new(str(random.randrange(sys.maxint))).hexdigest()
-            self.request.response.setCookie(COOKIE_ID, id, path='/')
             self._session_id = id
+
+            resp = self.request.response
+            if COOKIE_ID in resp.cookies:
+                # clear the cookie first, clearing out any expiration cookie
+                # that may have been set during verification
+                del resp.cookies[COOKIE_ID]
+            resp.setCookie(COOKIE_ID, id, path='/')

     def _generate_words(self):
         """Create words for the current session

-- 
Martijn Pieters




More information about the Product-Developers mailing list