added session

development.ini

@@ -19,7 +19,10 @@ sqlalchemy.url = sqlite:///%(here)s/ordr.sqlite
 
 retry.attempts = 3
 
-auth.secret = 'change me!'
+auth.secret = 'Change Me 1'
+session.secret = 'Change Me 2'
+session.auto_csrf = true
+static_views.cache_max_age = 0
 
 # passlib settings
 # setup the context to support only argon2 for the moment

ordr/__init__.py

@@ -1,4 +1,5 @@
 from pyramid.config import Configurator
+from pyramid.session import SignedCookieSessionFactory
 
 
 __version__ = '0.0.1'
@@ -8,6 +9,11 @@ def main(global_config, **settings):
     """ This function returns a Pyramid WSGI application.
     """
     config = Configurator(settings=settings)
+    
+    session_factory = SignedCookieSessionFactory(settings['session.secret'])
+    config.set_session_factory(session_factory)
+    config.set_default_csrf_options(require_csrf=settings['session.auto_csrf'])
+
     config.include('pyramid_jinja2')
     config.include('.models')
     config.include('.resources')