for most purposes, but for certain sensitive actions (such as changing billing
information) you use a smaller ``max_age_days`` when reading the cookie.
+Tornado also supports multiple signing keys to enable signing key
+rotation. ``cookie_secret`` then must be a dict with integer key versions
+as keys and the corresponding secrets as values. The currently used
+signing key must then be set as ``key_version`` application setting
+but all other keys in the dict are allowed for cookie signature validation,
+if the correct key version is set in the cookie.
+To implement cookie updates, the current signing key version can be
+queried via `~.RequestHandler.get_secure_cookie_key_version`.
+
.. _user-authentication:
User authentication
* Passing ``secure=False`` or ``httponly=False`` to
`.RequestHandler.set_cookie` now works as expected (previously only the
presence of the argument was considered and its value was ignored).
+* Key versioning support for cookie signing. ``cookie_secret`` application
+ setting can now contain a dict of valid keys with version as key. The
+ current signing key then must be specified via ``key_version`` setting.
`tornado.websocket`
~~~~~~~~~~~~~~~~~~~
.. automethod:: RequestHandler.clear_cookie
.. automethod:: RequestHandler.clear_all_cookies
.. automethod:: RequestHandler.get_secure_cookie
+ .. automethod:: RequestHandler.get_secure_cookie_key_version
.. automethod:: RequestHandler.set_secure_cookie
.. automethod:: RequestHandler.create_signed_value
.. autodata:: MIN_SUPPORTED_SIGNED_VALUE_VERSION
* ``cookie_secret``: Used by `RequestHandler.get_secure_cookie`
and `.set_secure_cookie` to sign cookies.
+ * ``key_version``: Used by requestHandler `.set_secure_cookie`
+ to sign cookies with a specific key when ``cookie_secret``
+ is a key dictionary.
* ``login_url``: The `authenticated` decorator will redirect
to this url if the user is not logged in. Can be further
customized by overriding `RequestHandler.get_login_url`
projects / thirdparty / tornado.git / commitdiff
