On 7/19/09 8:57 PM, Dalius Dobravolskas wrote:
> Damjan wrote:
>>> 2) Your server should remember somehow who and when initiated OpenID
>>> request. So it creates OpenID session and saves it to database (OpenID
>>> session usually is encoded into return URL);
>>>
>> I can remember that in the http session (which could be Beaker's secure
>> cookie)
>>
> I guess that's not the most secure thing to do but if you want you could
> try to write your own OpenID implementation. It might be possible that I
> have oversimplified everything and there are more steps to make OpenID
> secure. I really doubt that OpenID authors were that stupid so they have
> not thought about secure cookies ;-)

It's a perfectly valid thing to do, and I do not see why you should not do
that. The standard python openid implementation encourages this type of
approach by making the store pluggable.

Wichert.

-- 
Wichert Akkerman <wich...@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
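
The approach discussed in this thread, keeping "who and when initiated the OpenID request" in a signed cookie instead of a database row, sketched as an added example that is not part of the original messages or of any OpenID library. The names `issue_state`, `check_state`, `SECRET` and `MAX_AGE`, the cookie layout and the sample URLs are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: random per-deployment server secret
MAX_AGE = 300                     # assumption: seconds a pending request stays valid


def _mac(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()


def issue_state(claimed_id, return_to, now=None):
    """Build the cookie value set when the OpenID request is initiated."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"id": claimed_id, "rt": return_to, "ts": ts},
                      sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _mac(body).decode()


def check_state(cookie, return_to, now=None):
    """Return the claimed identifier if the cookie is authentic, fresh and
    bound to this return_to URL; otherwise None."""
    now = time.time() if now is None else now
    try:
        b64, mac = cookie.split(".", 1)
        body = base64.urlsafe_b64decode(b64.encode())
    except ValueError:            # missing separator or bad base64
        return None
    # Verify the MAC in constant time before trusting any field.
    if not hmac.compare_digest(_mac(body), mac.encode()):
        return None
    data = json.loads(body)
    if not 0 <= now - data["ts"] <= MAX_AGE:
        return None               # expired, or timestamp in the future
    if data["rt"] != return_to:
        return None               # issued for a different return URL
    return data["id"]


if __name__ == "__main__":
    # Constructed sample values.
    c = issue_state("https://alice.example/", "https://rp.example/verify")
    print(check_state(c, "https://rp.example/verify"))
```

The signature gives integrity and freshness but not single use: the same cookie verifies repeatedly inside the `MAX_AGE` window, so replay protection still needs nonce tracking on the server.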