I'm working on porting an old PHP project of mine over to Pylons. For authentication this project mainly uses a lot of Postgres stored procedures. As well as checking valid login attempts, the database generates and tracks authentication tokens that are stored client-side in cookies. Each token is calculated by hashing the username, IP address, user agent, and some other stuff. Current valid tokens are stored in a db table. The cookie expiration (token timeout) is automatically updated each time the token is used, up to a maximum lifetime. If I expect to port this app over successfully, this authentication system cannot be altered at this time.
I know that I can use a customized authentication backend with AuthKit, but I'm not sure that it's made to be tweaked this thoroughly (short of essentially forking it...meh). But I do like middleware-ish features like the decorators and intercepting HTTP status codes. Should I roll my own solution now and maybe port it over to AuthKit down the road, or can I drop in the functionality I need without murdering the existing code too much?
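The token scheme described in the message (a hash bound to username, IP address and user agent, tracked server-side, with a timeout that slides on each use up to a maximum lifetime), as an added Python sketch that is not part of the original post or of AuthKit. Assumptions: a dict stands in for the Postgres token table, HMAC-SHA256 with a random nonce stands in for the unspecified hash and "other stuff", and the function names and timeout values are hypothetical.

```python
import hashlib
import hmac
import secrets

IDLE_TIMEOUT = 30 * 60        # assumed sliding window, in seconds
MAX_LIFETIME = 24 * 60 * 60   # assumed absolute cap, in seconds
SERVER_KEY = secrets.token_bytes(32)  # assumed server-side secret


def _digest(username, ip, user_agent, nonce):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    fields = (username.encode(), ip.encode(), user_agent.encode(), nonce)
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(table, username, ip, user_agent, now):
    """Create a token after a successful login and record it in the table."""
    nonce = secrets.token_bytes(16)
    token = _digest(username, ip, user_agent, nonce)
    table[token] = {"user": username, "nonce": nonce, "issued": now,
                    "expires": now + IDLE_TIMEOUT}
    return token


def check_token(table, token, ip, user_agent, now):
    """Return (username, new_expiry) for a valid token, else None."""
    row = table.get(token)
    if row is None:
        return None
    hard_stop = row["issued"] + MAX_LIFETIME
    if now >= row["expires"] or now >= hard_stop:
        del table[token]          # idle timeout or maximum lifetime reached
        return None
    expected = _digest(row["user"], ip, user_agent, row["nonce"])
    if not hmac.compare_digest(expected, token):
        return None               # presented from a different IP or user agent
    # Slide the expiry forward, but never past the absolute cap.
    row["expires"] = min(now + IDLE_TIMEOUT, hard_stop)
    return row["user"], row["expires"]
```

The second element of the return value is what the cookie expiration would be reset to on each request.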
