pyramid_subscribers_cookiexfer
allows you to transfer cookies from the request to the response on an http exception.
you might need this as redirects are subclasses of httpexceptions, and cookies may not transfer.
overview
a typical user flow might be this:
- user submits form to /account/login
- backend authenticates, sets various cookies
- backend redirects to /account/home
if you only persist data through pyramid sessions this is not needed -- the pyramid session cookie is set before authentication, so data persists through the redirect.
this is useful if you're setting ancillary information through browser cookies, such as caching user data on the client.
Almost every browser respects a SetCookie
header on a redirect -- only Safari is known to ignore this. Many developers have stored cookies in session data to show on future visits, this package automates that.
two methods are available to persist information
-
add_headers
Transfers cookie headers from the request to the response -
session_save
Saves the cookies you'd want to set into the session, migrates them into the response on the next pageview
This package also offers the ability to uniquely manage the cookies to avoid duplicates. right now this behavior is recommended.
The package is configured through a few variables set in your .ini
files , then enabled with an import and call to initialize
in your .ini
The internal mechanics are pretty simple:
config.add_subscriber(\
new_request,
'pyramid.events.NewRequest')
config.add_subscriber(\
new_response,
'pyramid.events.NewResponse')
In order to aid in debugging and cut down on processing:
-
initialize_subscribers()
will only install aNewResponse
listener if sessioning will be used - A configurable regex is used to eliminate paths from the module ( including debug statements )
Important Notes:
- This package will respect headers that are raised with the httpexception
- Because of how pyramid's internals work, you must
return
the redirect -- notraise
it -- if you want cookies transferred from therequest.response
. If you "raise" a redirect, only the headers used to initialize the redirect can be stored in the session (they exist in the new response object and do not need to be transferred)
These situations will work:
A few case examples
return HTTPFound(location='/new/location')
- any cookies set by
request.response.set_cookie
will be transferred
return HTTPFound(location='/new/location', headers=dict_of_headers)
- the headers in
dict_of_headers
are already in the newresponse
, and can persist to thesession
- any cookies set by
request.response.set_cookie
will be transferred
raise HTTPFound(location='/new/location')
- NO cookies set by
request.response.set_cookie
will be transferred
raise HTTPFound(location='/new/location', headers=dict_of_headers )
- the headers in
dict_of_headers
are already in the newresponse
, and can persist to thesession
- NO cookies set by
request.response.set_cookie
will be transferred
configuration options
cookie_xfer.re_excludes
If set, this will be compiled into a regex. routes matching this regex will be ignored.
cookie_xfer.redirect_add_headers
If "true",
setup
environment.ini cookie_xfer.redirect_add_headers = True cookie_xfer.redirect_session_save = False cookie_xfer.apply_unique = False cookie_xfer.re_excludes = "^/(css|img|js|deform|_debug_toolbar)"
app/init.py
import pyramid_subscribers_cookiexfer
def main(global_config, **settings):
...
pyramid_subscribers_cookiexfer.initialize( config , settings )
...