whoogle-search/app/models
Ben Busby 32ad39d0e1
Refactor session behavior, remove `Flask-Session` dep
Sessions are no longer validated using the "/session/..." route. This
created a lot of problems due to buggy/unexpected behavior coming from
the Flask-Session dependency, which is (more or less) no longer
maintained.

Sessions are also no longer strictly server-side-only. The majority of
information that was being stored in user sessions was aesthetic only,
aside from the session specific key used to encrypt URLs. This key is
still unique per user, but is not (or shouldn't be) in anyone's threat
model to keep absolutely 100% private from everyone. Especially paranoid
users of Whoogle can easily modify the code to use a randomly generated
encryption key that is reset on session invalidation (and set
invalidation time to a short enough period for their liking).

Ultimately, this should result in much more stable sessions per client.
There shouldn't be decryption issues with element URLs or queries
during result page navigation.
2022-08-29 13:36:40 -06:00
..
__init__.py Feature: language config (#27) 2020-05-12 17:15:53 -06:00
config.py Support proxying results through Whoogle (aka "anonymous view") (#682) 2022-04-13 11:29:07 -06:00
endpoint.py Refactor session behavior, remove `Flask-Session` dep 2022-08-29 13:36:40 -06:00
g_classes.py Counter latest result page style changes 2022-06-09 16:35:02 -06:00