Move cookie-signing code from set_secure_cookie to a new method for non-cookie use...

author Ben Darnell <ben@bendarnell.com>

Fri, 17 Sep 2010 21:45:45 +0000 (14:45 -0700)

committer Ben Darnell <ben@bendarnell.com>

Fri, 17 Sep 2010 21:45:45 +0000 (14:45 -0700)
author Ben Darnell <ben@bendarnell.com>
Fri, 17 Sep 2010 21:45:45 +0000 (14:45 -0700)
committer Ben Darnell <ben@bendarnell.com>
Fri, 17 Sep 2010 21:45:45 +0000 (14:45 -0700)
diff --git a/tornado/web.py b/tornado/web.py

index b21f0be296272e662a097a90862c1ee14f26d753..092306b074aeb030c3da92e7ef0263a26ce4c3e6 100644 (file)
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -317,11 +317,21 @@ class RequestHandler(object):
  
          To read a cookie set with this method, use get_secure_cookie().
          """
+        self.set_cookie(name, self.create_signed_value(name, value),
+                        expires_days=expires_days, **kwargs)
+
+    def create_signed_value(self, name, value):
+        """Signs and timestamps a string so it cannot be forged.
+
+        Normally used via set_secure_cookie, but provided as a separate
+        method for non-cookie uses.  To decode a value not stored
+        as a cookie use the optional value argument to get_secure_cookie.
+        """
          timestamp = str(int(time.time()))
          value = base64.b64encode(value)
          signature = self._cookie_signature(name, value, timestamp)
          value = "|".join([value, timestamp, signature])
-        self.set_cookie(name, value, expires_days=expires_days, **kwargs)
+        return value
  
      def get_secure_cookie(self, name, include_name=True, value=None):
          """Returns the given signed cookie if it validates, or None.
author	Ben Darnell <ben@bendarnell.com>
	Fri, 17 Sep 2010 21:45:45 +0000 (14:45 -0700)
committer	Ben Darnell <ben@bendarnell.com>
	Fri, 17 Sep 2010 21:45:45 +0000 (14:45 -0700)