Hi, I'm using pyramid 1.5.1 and in trying to figure out SessionAuthenticationPolicy I found problems. I looked at HEAD (I think) on github and problems seem to exist there too.
unauthenticated_userid is not documented. The callback function is never called. The debug output is:

2014-08-06 02:59:43,213 DEBUG [testlogin][Dummy-3] pyramid.authentication.SessionAuthenticationPolicy.effective_principals: unauthenticated_userid returned None; returning ['system.Everyone']

The problem is that SessionAuthenticationPolicy is counting on having a "prefix + 'userid'" session key in request.session. However there's no documentation on this and so the key does not exist.

One possible approach is to supply an identity keyword argument in a fashion similar to that in ReposeWho1AuthenticationPolicy so the user knows what key is supposed to exist. (This seems heavy-handed.)

I'm not really thinking things through at the moment but it seems to me that there needs to be some sort of documentation, if not an interface, for setting the value behind SessionAuthenticationPolicy.(un)authenticated_userid. Or something. As it is SessionAuthenticationPolicy is impossible to use without snooping through the source.

Sorry to run-on. I've been working at this for a while and my brain is full.

Meanwhile, if I simply set request.session[prefix + 'userid'] in my app will I be reasonably future-proof? (I've not actually tried this to see if it works.)

Thanks.

Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein