Tryton - Issues

 

Issue7134

Title Specific API for session
Priority feature Status resolved
Superseder Nosy List ced, reviewbot, roundup-bot
Type feature request Components trytond
Assigned To ced Keywords review
Reviews 39171002
View: 39171002

Created on 2018-02-13.15:42:23 by ced, last changed by roundup-bot.

Messages
New changeset efd461cecc78 by C├ędric Krier in branch 'default':
Simplify API for Session
http://hg.tryton.org/trytond/rev/efd461cecc78
review39171002 updated at https://codereview.tryton.org/39171002/#ps40001
review39171002 updated at https://codereview.tryton.org/39171002/#ps20001
review39171002 updated at https://codereview.tryton.org/39171002/#ps1
msg38346 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2018-02-13.15:42:22
For now, the security uses the ORM method to create and delete session. This makes more difficult to implement alternate session storage.
Also we do no log session check for wrong session which could be useful to block, for example with fail2ban, a brute force attack on session (even if it is highly improbable).

So I propose to create an API: new, remove and check; and move the logging into security.py
History
Date User Action Args
2018-03-07 00:34:17roundup-botsetstatus: testing -> resolved
nosy: + roundup-bot
messages: + msg38840
2018-02-20 16:13:08reviewbotsetmessages: + msg38504
2018-02-19 12:15:09reviewbotsetmessages: + msg38464
2018-02-13 16:16:27reviewbotsetnosy: + reviewbot
messages: + msg38351
2018-02-13 16:06:56cedsetstatus: in-progress -> testing
reviews: 39171002
keyword: + review
2018-02-13 15:42:23cedcreate

Showing 10 items. Show all history (warning: this could be VERY long)