From: Ben Darnell <ben@bendarnell.com>
Date: Fri, 17 Sep 2010 21:45:45 +0000 (-0700)
Subject: Move cookie-signing code from set_secure_cookie to a new method for non-cookie use... 
X-Git-Tag: v1.2.0~125
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=625a9bef1adae3d075ac098418f70b5603b83b29;p=thirdparty%2Ftornado.git

Move cookie-signing code from set_secure_cookie to a new method for non-cookie use cases
---

diff --git a/tornado/web.py b/tornado/web.py
index b21f0be29..092306b07 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -317,11 +317,21 @@ class RequestHandler(object):
 
         To read a cookie set with this method, use get_secure_cookie().
         """
+        self.set_cookie(name, self.create_signed_value(name, value),
+                        expires_days=expires_days, **kwargs)
+
+    def create_signed_value(self, name, value):
+        """Signs and timestamps a string so it cannot be forged.
+
+        Normally used via set_secure_cookie, but provided as a separate
+        method for non-cookie uses.  To decode a value not stored
+        as a cookie use the optional value argument to get_secure_cookie.
+        """
         timestamp = str(int(time.time()))
         value = base64.b64encode(value)
         signature = self._cookie_signature(name, value, timestamp)
         value = "|".join([value, timestamp, signature])
-        self.set_cookie(name, value, expires_days=expires_days, **kwargs)
+        return value
 
     def get_secure_cookie(self, name, include_name=True, value=None):
         """Returns the given signed cookie if it validates, or None.