From 817ab988e00a72cf6a66cb2a8741fb3228def7ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bjo=CC=88rn=20Buckwalter?=
Date: Fri, 16 Sep 2011 12:01:15 +0800
Subject: [PATCH] Comment explaining the behavior of nonce. Someone should confirm that this the intended behavior!
---
 yesod-core/Yesod/Internal/Request.hs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/yesod-core/Yesod/Internal/Request.hs b/yesod-core/Yesod/Internal/Request.hs
index 8db60f88..43040b45 100644
--- a/yesod-core/Yesod/Internal/Request.hs
+++ b/yesod-core/Yesod/Internal/Request.hs
@@ -63,6 +63,10 @@ parseWaiRequest' env session' key' gen = Request gets'' cookies' env langs''' no
 Nothing -> langs''
 Just x -> x : langs''
 gets'' = map (second $ fromMaybe "") gets'
+ -- If the session is not secure a nonce should not be
+ -- used (any nonce present in the session is ignored).
+ -- If a secure session has no nonceKey a new one is
+ -- generated.
 nonce = case (key', lookup nonceKey session') of
 (Nothing, _) -> Nothing
 (_, Just x) -> Just x
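Review bot: The added comment above `nonce =` describes the condition as the session being "not secure", but the case it documents, `(Nothing, _) -> Nothing`, tests whether `key'` is `Nothing`, so the wording should name that condition directly. Something like `-- No session key (key' is Nothing): no nonce is issued, and any value stored under nonceKey in the session is ignored.` would match the visible code. If this nonce is what form handling relies on as its anti-CSRF token, which the hunk does not show, the comment should also say that running without a key leaves forms without that check, since this is the behaviour the commit message asks someone to confirm. The branch that generates a fresh nonce lies past the end of the hunk, so the last sentence of the comment cannot be checked from here.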