Configure a session factory which will provide unencrypted (but signed) cookie-based sessions. The return value of this function is a session factory, which may be provided as the session_factory argument of a pyramid.config.Configurator constructor, or used as the session_factory argument of the pyramid.config.Configurator.set_session_factory() method.
The session factory returned by this function will create sessions which are limited to storing fewer than 4000 bytes of data (as the payload must fit into a single cookie).
Parameters:
Serialize any pickleable structure (data) and sign it using the secret (must be a string). Return the serialization, which includes the signature as its first 40 bytes. The signed_deserialize method will deserialize such a value.
This function is useful for creating signed cookies. For example:
cookieval = signed_serialize({'a':1}, 'secret')
response.set_cookie('signed_cookie', cookieval)
Deserialize the value returned from signed_serialize. If the value cannot be deserialized for any reason, a ValueError exception will be raised.
This function is useful for deserializing a signed cookie value created by signed_serialize. For example:
cookieval = request.cookies['signed_cookie']
data = signed_deserialize(cookieval, 'secret')
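The following is an added example, not Pyramid's own code. It sketches the cookie layout described above: a 40-character signature followed by the serialized payload, with the signature checked before anything is unpickled. HMAC-SHA1 as the signature and base64 as the payload encoding are assumptions chosen to match the 40-byte signature length, and the `demo_*` and `is_rejected` names are hypothetical.

```python
import base64
import hashlib
import hmac
import pickle

SIG_LEN = 40  # length of a hex HMAC-SHA1 digest (assumed signature scheme)


def _sign(pickled, secret):
    return hmac.new(secret.encode("utf-8"), pickled, hashlib.sha1).hexdigest()


def demo_signed_serialize(data, secret):
    """Return '<40 hex chars of signature><base64 of pickled data>'."""
    pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
    return _sign(pickled, secret) + base64.b64encode(pickled).decode("ascii")


def demo_signed_deserialize(serialized, secret):
    """Verify the signature, then unpickle; ValueError on any failure."""
    if len(serialized) <= SIG_LEN:
        raise ValueError("value too short to carry a signature")
    sig, body = serialized[:SIG_LEN], serialized[SIG_LEN:]
    try:
        # binascii.Error and UnicodeEncodeError both subclass ValueError
        pickled = base64.b64decode(body.encode("ascii"), validate=True)
    except ValueError as exc:
        raise ValueError("payload is not valid base64") from exc
    expected = _sign(pickled, secret)
    # Constant-time comparison, done BEFORE pickle.loads ever sees the bytes.
    if not hmac.compare_digest(sig.encode("utf-8"), expected.encode("ascii")):
        raise ValueError("invalid signature")
    return pickle.loads(pickled)


def is_rejected(serialized, secret):
    """True if the value fails verification (helper for the demo below)."""
    try:
        demo_signed_deserialize(serialized, secret)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    cookieval = demo_signed_serialize({'a': 1}, 'secret')  # constructed sample
    print(demo_signed_deserialize(cookieval, 'secret'))
    # Swap the payload but keep the old signature: verification must fail.
    swapped = cookieval[:SIG_LEN] + base64.b64encode(pickle.dumps({'a': 2})).decode("ascii")
    print(is_rejected(swapped, 'secret'))
```

Because the payload is a pickle, the secret is the only thing separating a client-supplied cookie from pickle.loads, so it should be long, random and kept out of source control.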
Check the CSRF token in the request’s session against the value in request.params.get(token). If a token keyword is not supplied to this function, the string csrf_token will be used to look up the token within request.params. If the value in request.params.get(token) doesn’t match the value supplied by request.session.get_csrf_token(), and raises is True, this function will raise a pyramid.httpexceptions.HTTPBadRequest exception. If the check fails and raises is False, this function will return False. If the CSRF check is successful, this function will return True unconditionally.
Note that using this function requires that a session factory is configured.
New in version 1.4a2.