Make BaseCookieSessionFactory require timeout to be a number #1656
Comments
|
I'd be happy to review a PR which applied this change: it would need new tests for both valid and invalid string values. |
|
The first two references above are a mistake, please ignore. Sorry for the noise. Should this change/feature also be mentioned on the param documentation? |
@RaHus I don't see how this change would affect the intended behavior (IOW the docs are right, but the code has a bug), so I don't now whether adding something to its documentation would be appropriate. But it would definitely be appropriate to add a note to CHANGES.txt under "Bug Fixes". Thank you for your diligence! |
|
@stevepiercy I agree, i will add the relevant entry under "Bug Fixes" after checking if Thanks for the great software! |
|
This has been merged in #2117. Please re-open if this is not the case. |
In pyramid/session.py, BaseCookieSessionFactory (and CookieSession) accept a "timeout" parameter. This is stored in self._timeout, and later compared against a number (now - renewed).
With Python 3, comparing a number against a string is an immediate TypeError. With Python 2, it's not an error (but probably not a meaningful result).
Thus, if someone were to run a Pyramid web server on Python 2, and passed the "timeout" parameter straight from their configuration file (as a string, unparsed), the session timeout would silently fail -- until they upgraded to Python 3, at which point everything would start failing.
One simple improvement might be to change:
to:
(at https://github.com/Pylons/pyramid/blob/master/pyramid/session.py#L247) which would cause it to automatically upgrade a string like "1200" to the int 1200, or at least fail immediately (on all versions of Python) if you tried passing it something crazy.
The text was updated successfully, but these errors were encountered: