beaker – dolmen.beaker Configuration Module

Configure dolmen.beaker.

One main advantage of using dolmen.beaker is that session data for a certain user can be stored almost automatically in a cookie, thus reducing the number of needed ZODB operations.

Security Advisory

To prevent users from playing around with their session data, this data is encrypted with keys stored in a dict registered as a global utility.

These keys are set each time the Zope instance starts. If they change, all existing cookies will become unreadable and therefore the stored sessions will be lost. Already logged-in users will have to log in again, and all other session-based operations might have to be restarted.

Changing the keys might therefore have side effects.

On the other hand, static keys stored in SVN might become known to users and enable them to manipulate their session data.

For better security, the keys (or one of the keys) could therefore be gathered from ‘outside’ (a file in the filesystem, some environment variable, or whatever).
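
One way to gather the keys from outside, as an added example that is not part of this module's own code: each key is looked up in the environment first, then in a key file that must not be accessible to group or others, and is generated randomly only as a last resort (which means sessions are lost on every restart). The environment variable names, file names, minimum length and helper names are assumptions; the dict entries follow Beaker's encrypt_key and validate_key session options.

```python
import os
import secrets
import stat

MIN_KEY_LEN = 32  # assumed minimum length, not a dolmen.beaker requirement


def _read_key_file(path):
    """Return the key stored in `path`, refusing group/world-accessible files."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s is accessible to group/other (mode %o)" % (path, mode))
    with open(path, encoding="ascii") as fh:
        return fh.read().strip()


def load_key(name, environ=None, key_dir=None):
    """Look up one session key: environment first, then a key file.

    Returns (key, persistent). persistent is False when nothing was
    configured and a random key was generated for this process only,
    which invalidates existing session cookies on every restart.
    """
    environ = os.environ if environ is None else environ
    key = environ.get(name.upper())  # hypothetical name, e.g. BEAKER_ENCRYPT_KEY
    if key is None and key_dir is not None:
        path = os.path.join(key_dir, name)  # hypothetical file name
        if os.path.exists(path):
            key = _read_key_file(path)
    if key is None:
        return secrets.token_hex(MIN_KEY_LEN), False
    if len(key) < MIN_KEY_LEN:
        raise ValueError("%s is shorter than %d characters" % (name, MIN_KEY_LEN))
    return key, True


def session_keys(environ=None, key_dir=None):
    """Build the key dict and list the keys that will not survive a restart."""
    keys, ephemeral = {}, []
    for option in ("encrypt_key", "validate_key"):
        keys[option], persistent = load_key("beaker_" + option, environ, key_dir)
        if not persistent:
            ephemeral.append(option)
    return keys, ephemeral
```

A non-empty second return value is worth logging at startup, since it means existing cookies will become unreadable at the next restart.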