Hello all, Here's my scenario:
We have a RESTful backend system that provides authentication. I've copied the code (with my own specific library stuff) from the "Simple home-grown" example in the Pylons cook book. That all works fine (I can log in using a form, which calls the REST interface, which returns a valid user). The issue is thus: For the user to perform any future data requests (such as "give me a list of my friends", or "let me edit my profile"), they need a special authenticated token. This token is returned when the user is logged in, so it's available to Pylons from the second a user is authenticated. Now, I figure I can simply stash this token in the session and use it, but is there a better way to do this? There's one particular caveat, which is that the lifespan of the token is limited to 15 minutes, so Pylons needs to refresh it every 10 minutes or so. This makes fiddling the session a bit clumsy. In Django I used a "request" middleware function, which doctored the request object before the views got it (this looked at the token, renewed it if need be, and then stashed it for the view). What's the Pylons-esque way of doing this? I can't use middleware as I can't see any easy way of accessing the logged in user object in middleware, so presumably it needs to be somewhere else. Any thoughts appreciated. Brad --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
