I wouldn't authenticate on every request. That seems like a lot
of unnecessary work. Just authenticate once and use Cookies/Authentication
Tokens to sustain the session. It's already built in so it's pretty easy to
do. They even have a code snippet that shows how to use a special HTTP
Header to keep this authenticated session going without relying on dumping
the {% csrf_token %} on every response. It's written in Javascript but I'm
sure you could take the same approach and include it in your Desktop
application.On Wed, Jun 13, 2012 at 1:24 PM, Mike <[email protected]> wrote: > I'm working on a desktop app that will communicate with a server. I have > some experience with Django and with the user authentication system but I > haven't deployed a Django app with authentication yet. I'm planning to use > django for the server side component of this desktop app and the two will > communicate over SSL with JSON. Using Django, I can authenticate users and > hold onto the cookie on the client side for authenticating the views that > need it before they return their JSON. I could also send the userid and > password in every GET or POST. Which method is better? Is either more > secure? Using cookies I can take advantage of stuff built into Django such > as the @login_required() decorator. > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/django-users/-/bt4FuP1zmYEJ. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
