| 24 | Cookie.BaseCookie.__init__(self, input) |
| 25 | |
| 26 | def value_decode(self, val): |
| 27 | val = val.strip('"') |
| 28 | sig = HMAC.new(self.secret, val[40:], SHA1).hexdigest() |
| 29 | |
| 30 | # Avoid timing attacks |
| 31 | invalid_bits = 0 |
| 32 | input_sig = val[:40] |
| 33 | if len(sig) != len(input_sig): |
| 34 | return None, val |
| 35 | |
| 36 | for a, b in zip(sig, input_sig): |
| 37 | invalid_bits += a != b |
| 38 | |
| 39 | if invalid_bits: |
| 40 | return None, val |
| 41 | else: |
| 42 | return val[40:], val |
| 43 | |
| 44 | def value_encode(self, val): |
| 45 | sig = HMAC.new(self.secret, val, SHA1).hexdigest() |