Use pyramid.SignedCookieSessionFactory instead of `UnencryptedCooki…

…eSessionFactoryConfig`

velruse/app/__init__.py

@@ -1,4 +1,5 @@
 import os
+import sys
 
 from anykeystore import create_store_from_settings
 
@@ -16,6 +17,8 @@
 
 log = __import__('logging').getLogger(__name__)
 
+PYTHON_2 = sys.version_info.major == 2
+
 
 def auth_complete_view(context, request):
     endpoint = request.registry.settings.get('endpoint')
@@ -77,7 +80,8 @@ def default_setup(config):
     specified then an in-memory storage backend will be used.
 
     """
-    from pyramid.session import UnencryptedCookieSessionFactoryConfig
+    # from pyramid.session import UnencryptedCookieSessionFactoryConfig
+    from pyramid.session import SignedCookieSessionFactory
 
     log.info('Using an unencrypted cookie-based session. This can be '
              'changed by pointing the "velruse.setup" setting at a different '
@@ -87,15 +91,18 @@ def default_setup(config):
     secret = settings.get('session.secret')
     cookie_name = settings.get('session.cookie_name', 'velruse.session')
     if secret is None:
-        log.warn('Configuring unencrypted cookie-based session with a '
-                 'random secret which will invalidate old cookies when '
-                 'restarting the app.')
+        log.info(
+            'Configuring unencrypted cookie-based session with a '
+            'random secret which will invalidate old cookies when '
+            'restarting the app.')
         if secrets is not None:
             secret = secrets.token_urlsafe(32)
-        else:
+        elif PYTHON_2:
             secret = ''.join('%02x' % ord(x) for x in os.urandom(16))
+        else:
+            secret = ''.join('%02x' % x for x in os.urandom(16))
         log.info('autogenerated session secret: %s', secret)
-    factory = UnencryptedCookieSessionFactoryConfig(
+    factory = SignedCookieSessionFactory(
         secret, cookie_name=cookie_name)
     config.set_session_factory(factory)