`set_cookie(self, name, value, secret=None, digestmod=hashlib.sha256, **options)`: Create a new cookie or replace an old one. If the `secret` parameter is set, create a Signed Cookie (described below).
```python
        return default

    def set_cookie(self, name, value, secret=None, digestmod=hashlib.sha256, **options):
        """ Create a new cookie or replace an old one. If the `secret` parameter is
            set, create a `Signed Cookie` (described below).

            :param name: the name of the cookie.
            :param value: the value of the cookie.
            :param secret: a signature key required for signed cookies.

            Additionally, this method accepts all RFC 2109 attributes that are
            supported by :class:`cookie.Morsel`, including:

            :param maxage: maximum age in seconds. (default: None)
            :param expires: a datetime object or UNIX timestamp. (default: None)
            :param domain: the domain that is allowed to read the cookie.
              (default: current domain)
            :param path: limits the cookie to a given path (default: current path)
            :param secure: limit the cookie to HTTPS connections (default: off).
            :param httponly: prevents client-side JavaScript from reading this cookie
              (default: off, requires Python 2.6 or newer).
            :param samesite: Control or disable third-party use for this cookie.
              Possible values: `lax`, `strict` or `none` (default).

            If neither `expires` nor `maxage` is set (default), the cookie will
            expire at the end of the browser session (as soon as the browser
            window is closed).

            Signed cookies may store any pickle-able object and are
            cryptographically signed to prevent manipulation. Keep in mind that
            cookies are limited to 4kb in most browsers.

            Warning: Pickle is a potentially dangerous format. If an attacker
            gains access to the secret key, they could forge cookies that execute
            code on the server side when unpickled. Using pickle is discouraged and
            support for it will be removed in later versions of bottle.

            Warning: Signed cookies are not encrypted (the client can still see
            the content) and not copy-protected (the client can restore an old
            cookie). The main intention is to make pickling and unpickling
            safe, not to store secret information at the client side.
        """
        if not self._cookies:
            self._cookies = SimpleCookie()

        # Monkey-patch Cookie lib to support 'SameSite' parameter
        # https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1
        if py < (3, 8, 0):
            Morsel._reserved.setdefault('samesite', 'SameSite')

        if secret:
            if not isinstance(value, basestring):
                depr(0, 13, "Pickling of arbitrary objects into cookies is "
                            "deprecated.", "Only store strings in cookies. "
                            "JSON strings are fine, too.")
            encoded = base64.b64encode(pickle.dumps([name, value], -1))
            sig = base64.b64encode(hmac.new(tob(secret), encoded,
                                            digestmod=digestmod).digest())
            value = touni(tob('!') + sig + tob('?') + encoded)
        elif not isinstance(value, basestring):
```
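The signed-cookie layout above is `!<base64 HMAC>?<base64 payload>`, where the payload binds the cookie name to the value so a signed value cannot be presented under a different cookie name. The following is an added, self-contained example (not bottle's code) that reproduces that layout and the matching verification step, but with two deliberate changes a defender would want: JSON replaces pickle in the payload, so verification never deserializes executable objects (the behaviour the docstring's warning is about), and the signature is compared in constant time. It also shows how the `secure`, `httponly` and `samesite` attributes end up in the `Set-Cookie` header via `http.cookies`. `DEMO_SECRET`, `sign_cookie_value`, `verify_cookie_value` and `build_set_cookie_header` are names chosen for this example; the key is a constructed placeholder, and native `samesite` support in `Morsel` assumes Python 3.8 or newer (the page's monkey-patch covers older versions).

```python
import base64
import hashlib
import hmac
import json
from http.cookies import SimpleCookie

# Constructed placeholder key for the demo; a deployment loads it from a secret store.
DEMO_SECRET = b"constructed-demo-key-do-not-reuse"


def sign_cookie_value(name, value, secret, digestmod=hashlib.sha256):
    """Return a value in bottle's '!<sig>?<payload>' layout, using JSON instead of pickle.

    The payload is [name, value], so the name is covered by the HMAC.
    """
    payload = base64.b64encode(json.dumps([name, value]).encode("utf-8"))
    sig = base64.b64encode(hmac.new(secret, payload, digestmod=digestmod).digest())
    return (b"!" + sig + b"?" + payload).decode("ascii")


def verify_cookie_value(name, raw, secret, digestmod=hashlib.sha256):
    """Return the stored value if the signature and cookie name check out, else None.

    Order matters: the HMAC is checked before anything is decoded, so a tampered
    payload is rejected without ever being parsed.
    """
    if not raw.startswith("!") or "?" not in raw:
        return None
    sig_b64, payload_b64 = raw[1:].split("?", 1)
    try:
        sig = sig_b64.encode("ascii")
        payload = payload_b64.encode("ascii")
    except UnicodeEncodeError:
        return None
    expected = base64.b64encode(hmac.new(secret, payload, digestmod=digestmod).digest())
    # Constant-time comparison; a plain '==' leaks where the first mismatch is.
    if not hmac.compare_digest(expected, sig):
        return None
    try:
        stored_name, value = json.loads(base64.b64decode(payload))
    except (ValueError, TypeError):
        return None
    # Reject a valid signature that was minted for a different cookie name.
    if stored_name != name:
        return None
    return value


def build_set_cookie_header(name, value, secret, secure=True, httponly=True,
                            samesite="Lax", maxage=None, path="/"):
    """Sign the value and render the Set-Cookie header line with hardened attributes."""
    jar = SimpleCookie()
    jar[name] = sign_cookie_value(name, value, secret)
    morsel = jar[name]
    morsel["path"] = path
    if maxage is not None:
        morsel["max-age"] = maxage          # seconds; omitted -> session cookie
    if secure:
        morsel["secure"] = True             # only sent over HTTPS
    if httponly:
        morsel["httponly"] = True           # hidden from document.cookie
    morsel["samesite"] = samesite           # Lax/Strict/None; native in Python 3.8+
    return morsel.OutputString()


if __name__ == "__main__":
    signed = sign_cookie_value("session", "user=42", DEMO_SECRET)
    print(signed)
    print(verify_cookie_value("session", signed, DEMO_SECRET))     # user=42
    print(verify_cookie_value("other", signed, DEMO_SECRET))       # None (name mismatch)
    print(verify_cookie_value("session", signed[:-1] + "A", DEMO_SECRET))  # None (tampered)
    print(build_set_cookie_header("session", "user=42", DEMO_SECRET, maxage=600))
```

Note that, exactly as the docstring warns, nothing here is encrypted: anyone holding the cookie can base64-decode the payload and read `["session", "user=42"]`, and an old but still-valid cookie can be replayed until `maxage` or `expires` passes. The signature only stops the client from altering the value or presenting it under another name.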