cookiesession is a Django session backend that stores the session data in a signed cookie rather than on the server.
The original code was based on a snippet from Christopher Lenz and was later extended with several encoding steps. Encoding a session dictionary is a three-step process: the dictionary is serialised to JSON, a SHA1 hash of the JSON is computed using the site's SECRET_KEY, and the JSON and the hash are concatenated. The concatenated package is then gzipped and base64 encoded to produce the cookie value. Note that gzip and base64 are encodings, not encryption: the hash stops a client from altering the session, but anyone holding the cookie can read its contents, so the session should not carry anything the user is not allowed to see.
When decoding a session cookie the process is reversed: the cookie is base64 decoded and gunzipped, then split into the JSON data and the SHA1 hash. A fresh SHA1 hash is computed from the JSON and compared against the hash carried in the cookie (the comparison should be constant-time, for example hmac.compare_digest, so that it does not leak how many bytes matched). If the hashes match, the JSON is converted back into a Python object and returned to the caller; if they do not match, a SuspiciousOperation exception is raised.
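The encode and decode steps above, written out as an added, stand-alone example. This is not cookiesession's own code: the ":" separator, the hex-encoded digest, and the use of HMAC-SHA1 (rather than a bare SHA1 over key and data) are assumptions made here, and a local SuspiciousOperation class stands in for Django's so the example runs without Django installed. It also shows the two checks a practitioner cares about: a forged payload fails verification, and the payload is readable without the key.

```python
import base64
import gzip
import hashlib
import hmac
import json
import zlib


class SuspiciousOperation(Exception):
    """Stand-in for django.core.exceptions.SuspiciousOperation (assumption: keeps the example Django-free)."""


# Assumed package layout: b"<json>:<hex sha1 mac>". A hex digest never contains ":",
# so splitting from the right is unambiguous even though JSON contains colons.
SEPARATOR = b":"


def _mac(payload: bytes, secret_key: str) -> bytes:
    # Keyed SHA1 over the JSON. HMAC is an assumption here; the page only says
    # "SHA1 hashing with the site's SECRET_KEY". A plain sha1(key + data) would be
    # exposed to length extension, which HMAC is not.
    return hmac.new(secret_key.encode("utf-8"), payload, hashlib.sha1).hexdigest().encode("ascii")


def encode_session_cookie(session: dict, secret_key: str) -> str:
    """JSON -> keyed SHA1 -> concatenate -> gzip -> base64."""
    payload = json.dumps(session, sort_keys=True, separators=(",", ":")).encode("utf-8")
    package = payload + SEPARATOR + _mac(payload, secret_key)
    return base64.b64encode(gzip.compress(package)).decode("ascii")


def decode_session_cookie(cookie: str, secret_key: str) -> dict:
    """base64 -> gunzip -> split -> verify hash -> JSON; raises SuspiciousOperation on any failure."""
    try:
        package = gzip.decompress(base64.b64decode(cookie, validate=True))
    except (ValueError, OSError, EOFError, zlib.error) as exc:  # bad base64 or bad gzip
        raise SuspiciousOperation("malformed session cookie") from exc
    payload, _, digest = package.rpartition(SEPARATOR)
    # compare_digest runs in constant time, so a forger learns nothing from response timing.
    if not payload or not hmac.compare_digest(digest, _mac(payload, secret_key)):
        raise SuspiciousOperation("session cookie hash mismatch")
    return json.loads(payload.decode("utf-8"))


def peek_plaintext(cookie: str) -> dict:
    """Reads the session WITHOUT the key: the cookie is signed, not encrypted."""
    package = gzip.decompress(base64.b64decode(cookie))
    payload, _, _ = package.rpartition(SEPARATOR)
    return json.loads(payload.decode("utf-8"))


def tamper_demo(secret_key: str) -> bool:
    """Flip is_admin in the JSON but keep the original hash; True means the forgery was rejected."""
    cookie = encode_session_cookie({"user_id": 42, "is_admin": False}, secret_key)
    payload, _, digest = gzip.decompress(base64.b64decode(cookie)).rpartition(SEPARATOR)
    forged_payload = payload.replace(b'"is_admin":false', b'"is_admin":true')
    forged = base64.b64encode(gzip.compress(forged_payload + SEPARATOR + digest)).decode("ascii")
    try:
        decode_session_cookie(forged, secret_key)
    except SuspiciousOperation:
        return True
    return False


if __name__ == "__main__":
    key = "example-secret-key"  # constructed value; in Django this is settings.SECRET_KEY
    cookie = encode_session_cookie({"user_id": 42, "is_admin": False}, key)
    print(cookie)
    print(decode_session_cookie(cookie, key))
    print("readable without key:", peek_plaintext(cookie))
    print("forgery rejected:", tamper_demo(key))
```

Because the client can read the session, keep only identifiers and flags in it and look up anything sensitive server-side; because the hash is keyed with SECRET_KEY, rotating that key invalidates every outstanding session cookie.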
Two management commands ship with cookiesession to simplify debugging from an administrative standpoint. The first, 'decode_session_cookie', is invoked as './manage.py decode_session_cookie'; it decodes a session cookie and prints the keys and values of the session dictionary. The second, 'encode_session_cookie', encodes key=value arguments into a cookie that you can paste into your browser for testing, and is invoked as './manage.py encode_session_cookie key1=value key2=value'.
Version 0.1: N/A