diff --git a/development.ini b/development.ini
--- a/development.ini
+++ b/development.ini
@@ -353,46 +353,35 @@ beaker.cache.sql_cache_short.key_length
 ####################################
 ### BEAKER SESSION ####
 ####################################
+
+## Name of session cookie. Should be unique for a given host and path, even when running
+## on different ports. Otherwise, cookie sessions will be shared and messed up.
+beaker.session.key = kallithea
+## Sessions should always only be accessible by the browser, not directly by JavaScript.
+beaker.session.httponly = true
+## Session lifetime. 2592000 seconds is 30 days.
+beaker.session.timeout = 2592000
+
+## Server secret used with HMAC to ensure integrity of cookies.
+beaker.session.secret = development-not-secret
+## Further, encrypt the data with AES.
+#beaker.session.encrypt_key =
+#beaker.session.validate_key =
+
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
-## The storage uses the Container API
-## that is also used by the cache system.
+
+## File system storage of session data. (default)
+#beaker.session.type = file
-## db session ##
+## Cookie only, store all session data inside the cookie. Requires secure secrets.
+#beaker.session.type = cookie
+
+## Database storage of session data.
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
-## encrypted cookie client side session, good for many instances ##
-#beaker.session.type = cookie
-
-## file based cookies (default) ##
-#beaker.session.type = file
-
-## beaker.session.key should be unique for a given host, even when running
-## on different ports. Otherwise, cookie sessions will be shared and messed up.
-beaker.session.key = kallithea
-beaker.session.secret = development-not-secret
-
-## Secure encrypted cookie. Requires AES and AES python libraries
-## you must disable beaker.session.secret to use this
-#beaker.session.encrypt_key =
-#beaker.session.validate_key =
-
-## sets session as invalid if it haven't been accessed for given amount of time
-beaker.session.timeout = 2592000
-beaker.session.httponly = true
-#beaker.session.cookie_path = /
-
-## uncomment for https secure cookie
-beaker.session.secure = false
-
-## auto save the session to not to use .save()
-beaker.session.auto = False
-
-## default cookie expiration time in seconds `true` expire at browser close ##
-#beaker.session.cookie_expires = 3600
-
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
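Review bot: The rewritten session block no longer mentions the cookie's Secure flag at all: `beaker.session.secure = false` and its "uncomment for https secure cookie" hint are removed, while `beaker.session.httponly` gets a fresh comment. With the key absent the cookie presumably falls back to the session library's default (not Secure), so behaviour is unchanged, but anyone adapting this file for an HTTPS deployment loses the only prompt to turn it on. I would keep a commented entry next to httponly, `## Only send the session cookie over HTTPS. Enable when served via TLS.` followed by `#beaker.session.secure = true`. The new comment above `beaker.session.secret` could also state that `development-not-secret` is a placeholder to be replaced with a unique random value outside development, since cookie integrity (and the `cookie` storage type's "Requires secure secrets") depends on it.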