* remove max_age - A session cookie is better, because it's
a session thing, really.
* Call the cookie mediagoblin_csrftoken, much clearer.
* Use the SCRIPT_NAME for the path of the cookie, so that
the cookie is sent back to the right place only.
Alternatively the path= parameter could be removed, so
that it defaults to '/'.
* call the randomness function only once, instead of twice.
64 bits should be enough. If really more bits are needed,
increase the number.
* Just give the number as cookie. No point in md5 and
hexdigest in my view (those functions just make another
representation).
* getrandbits gets a bit count directly, simpler API
* Removes a bunch of content that doesn't need to be in the suer manual
anymore.
* Fixes issues so it's more readable in source form.
* Adds help chapter.
* Moves links out of paragraphs to reduce line length.
* Cleans up some language.
* Fixes some links.
When running mediagoblin in a sub path on a web server,
most things inside mediagoblin need the "inside path", but
when generating URLs for the webbrowser, full paths are
needed.
urlgen and routes already do that.
Some (mostly pagination and login) need the URL of the
current page. They used request.path_info. But this is the
"inside" path, not the full.
So now there is request.full_path and its used in various
places.
* Removed trailing whitespace
* Line length < 80 where possible
* Honor conventions on number of blank lines
* Honor conventions about spaces around :, =
If the server is running in email debug mode (current
default), users have often asked where the mail is. So tell
them in the web browser that their mail is on the console.
entries and other files the client should have some idea on
how long it can cache those files locally before asking
again for them.
The old setting was: Don't allow the client to cache.
New setting:
1 week for the media entries (they don't change, ever)
1 day for css/logos, etc. They change on an update, so
people might want to see the new design soon.
