Hi all, Was looking at implementing a custom signing backend via a HSM to sign and validate my Django sessions without knowing the key.
It seems that the functions signing.loads() and signing.dumps() force you to use TimestampSigner [1] rather than calling get_cookie_signer(). This has the interesting side effect that response.set_signed_cookie() does go via the signing backend but the signed_cookie session engine is signed with a different backend. Is there any reason the loads() and dumps() functions don't use the signing backend? [1] https://github.com/django/django/blob/master/django/core/signing.py#L127 --danni -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/b6f92f36-54f8-4371-96d0-7ac420d89838%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
