On Apr 26, 11:23 am, Bradley Wright <[email protected]> wrote:
> Hello all,
>
> Here's my scenario:
>
> We have a RESTful backend system that provides authentication. I've
> copied the code (with my own specific library stuff) from the "Simple
> home-grown" example in the Pylons cook book.
>
> That all works fine (I can log in using a form, which calls the REST
> interface, which returns a valid user). The issue is thus:
>
> For the user to perform any future data requests (such as "give me a
> list of my friends", or "let me edit my profile"), they need a special
> authenticated token. This token is returned when the user is logged
> in, so it's available to Pylons from the second a user is
> authenticated. Now, I figure I can simply stash this token in the
> session and use it, but is there a better way to do this? There's one
> particular caveat, which is that the lifespan of the token is limited
> to 15 minutes, so Pylons needs to refresh it every 10 minutes or so.
> This makes fiddling the session a bit clumsy.
>
> In Django I used a "request" middleware function, which doctored the
> request object before the views got it (this looked at the token,
> renewed it if need be, and then stashed it for the view). What's the
> Pylons-esque way of doing this?
>
> I can't use middleware as I can't see any easy way of accessing the
> logged in user object in middleware, so presumably it needs to be
> somewhere else.
>
> Any thoughts appreciated.

This sounds somewhat like a system I'm working on.

We use HTTP Basic over SSL. When the user-facing app needs to call a
Web Service, the HTTP Basic credentials are shoved into the headers
for the WS request. On the app side, the user's session is timed out
after 15 minutes.

I'm not sure if it's The Best approach, but it does mean that our Web
Services are stateless.
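
Added example (not part of either message, and not Pylons or cookbook code): one way to handle the token lifetime from the quoted question, reusing the token while it is fresh, renewing it after 10 minutes and forcing a new login after 15. The session keys and the `renew` callable are hypothetical; `renew` stands in for the backend's REST refresh call, which is assumed to accept the old token.

```python
import time

TOKEN_LIFETIME = 15 * 60   # backend token lifespan stated in the question
REFRESH_AFTER = 10 * 60    # renew "every 10 minutes or so"


class TokenExpired(Exception):
    """Stored token is missing or past its lifetime; the user must log in again."""


def current_token(session, renew, now=None):
    """Return a usable backend token, renewing it when it nears expiry.

    session: dict-like per-user session store (key names are assumptions)
    renew:   callable(old_token) -> new_token, standing in for the REST call
    now:     injectable clock value so the logic can be tested offline
    """
    now = time.time() if now is None else now
    token = session.get("backend_token")
    issued = session.get("backend_token_issued")
    if token is None or issued is None:
        raise TokenExpired("no token in session")

    age = now - issued
    if age >= TOKEN_LIFETIME:
        # Too old to renew: drop it so a dead token is never sent again.
        session.pop("backend_token", None)
        session.pop("backend_token_issued", None)
        raise TokenExpired("token older than 15 minutes")

    if age >= REFRESH_AFTER:
        # Inside the renewal window: swap the token and restart its clock.
        token = renew(token)
        session["backend_token"] = token
        session["backend_token_issued"] = now
    return token


if __name__ == "__main__":
    # Constructed sample: a token issued at t=0 and a fake renew call.
    sess = {"backend_token": "tok-1", "backend_token_issued": 0}
    fake_renew = lambda old: old + "-renewed"
    print(current_token(sess, fake_renew, now=300))   # still fresh, reused
    print(current_token(sess, fake_renew, now=660))   # past 10 minutes, renewed
```

In a Pylons application this could be called from a controller's `__before__` method, which runs after the session is available, with `TokenExpired` handled by redirecting to the login form.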