field | value | date
---|---|---
author | Elrond <elrond+mediagoblin.org@samba-tng.org> | 2011-10-04 00:12:03 +0200
committer | Elrond <elrond+mediagoblin.org@samba-tng.org> | 2011-10-14 21:46:17 +0200
commit | 2dc8d249326458b4d70e0cf1efbc956dccb12d3f (patch) |
tree | c288186023cf6f8628369b04fd86adfcd20d52f7 /bootstrap.py |
parent | 917d4663afedded7e6606b1a799771da8dc2a37c (diff) |
Some mostly cosmetic changes to CSRF

* Remove max_age - A session cookie is better, because it's a session thing, really.
* Call the cookie mediagoblin_csrftoken, much clearer.
* Use the SCRIPT_NAME for the path of the cookie, so that the cookie is sent back to the right place only. Alternatively the path= parameter could be removed, so that it defaults to '/'.
* Call the randomness function only once, instead of twice. 64 bits should be enough. If really more bits are needed, increase the number.
* Just give the number as cookie. No point in md5 and hexdigest in my view (those functions just make another representation).
* getrandbits gets a bit count directly, simpler API.
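The cookie scheme the commit message describes, written out as an added example; this is not MediaGoblin's code. It assumes the randomness source is `random.SystemRandom` (the message names `getrandbits` but not the generator) and that the caller has a WSGI `environ`; the HttpOnly/Secure attributes and the constant-time comparison are additions beyond what the message lists.

```python
import hmac
from http.cookies import SimpleCookie
from random import SystemRandom

CSRF_COOKIE_NAME = "mediagoblin_csrftoken"  # cookie name from the commit message
CSRF_BITS = 64                              # token size from the commit message

# Assumption: the "randomness function" draws from the OS CSPRNG via SystemRandom.
_rng = SystemRandom()


def new_csrf_token(bits=CSRF_BITS):
    """Draw one random integer with exactly one getrandbits() call."""
    return _rng.getrandbits(bits)


def csrf_cookie_header(environ, token):
    """Build the Set-Cookie value for the CSRF token.

    No max-age/expires, so it is a session cookie.  The path is the app's
    SCRIPT_NAME so the browser only sends it back under this mount point;
    an empty SCRIPT_NAME (app mounted at the root) falls back to '/'.
    """
    cookie = SimpleCookie()
    cookie[CSRF_COOKIE_NAME] = str(token)  # the decimal number itself, no md5/hexdigest
    morsel = cookie[CSRF_COOKIE_NAME]
    morsel["path"] = environ.get("SCRIPT_NAME") or "/"
    morsel["httponly"] = True  # added hardening, not part of the commit message
    if environ.get("wsgi.url_scheme") == "https":
        morsel["secure"] = True  # added hardening, not part of the commit message
    return morsel.OutputString()


def csrf_token_valid(cookie_header, form_token):
    """Check the token echoed in the form against the one in the Cookie header.

    Compared as bytes with hmac.compare_digest so timing does not leak how
    many leading characters matched.
    """
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if CSRF_COOKIE_NAME not in jar or form_token is None:
        return False
    expected = jar[CSRF_COOKIE_NAME].value.encode("utf-8")
    return hmac.compare_digest(expected, str(form_token).encode("utf-8"))
```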
Diffstat (limited to 'bootstrap.py')
0 files changed, 0 insertions, 0 deletions