I'm slightly confused regarding the trio of AuthTktAuthenticationPolicy, its groupfinder callback and the pyramid.security.remember() function.

First of all, I don't quite understand the kw params of the remember() function. If those params are app specific, where can they be "read" and used after remembering?

Furthermore, is the groupfinder callback really needed? Can't all the relevant user data (say userid, and group principals) be set via the signed cookie? In other words, how can I prevent a (db storage) lookup upon each request and rely only on the data in the ticket cookie? After all, the userid and group are usually (at least in my case) set upon login and do not have to be looked up for existence upon each request.

Or am I missing something?


Thanks,

Vlad
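
The idea raised in the message above (principals carried in a signed ticket and read back without a storage lookup), as an added standard-library sketch that is not part of the original post and is not Pyramid's implementation. The ticket format, `SECRET`, `MAX_AGE`, and the `groupfinder(userid, cookie)` signature are assumptions made for illustration; groups embedded this way stay in force until the ticket expires, so a removed group or a disabled account is not noticed before then.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side signing key
MAX_AGE = 3600                       # assumption: ticket lifetime in seconds


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha512).hexdigest().encode()


def issue_ticket(userid, groups, now=None):
    """Called once at login: pack userid and groups into a signed value."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({"uid": userid, "groups": sorted(groups), "iat": issued})
    payload = base64.urlsafe_b64encode(body.encode())
    return payload.decode() + "." + _sign(payload).decode()


def read_ticket(cookie, now=None):
    """Return the claims, or None if malformed, forged or expired."""
    try:
        payload, mac = cookie.rsplit(".", 1)
        # Verify the MAC before decoding anything the client sent.
        if not hmac.compare_digest(_sign(payload.encode()), mac.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload.encode()))
    except ValueError:
        return None
    age = (time.time() if now is None else now) - claims["iat"]
    if age < 0 or age > MAX_AGE:
        return None
    return claims


def groupfinder(userid, cookie, now=None):
    """Principals from the ticket alone; None means not authenticated."""
    claims = read_ticket(cookie, now)
    if claims is None or claims["uid"] != userid:
        return None
    return ["group:" + g for g in claims["groups"]]
```
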
