Okay, going through the Pyramid source I can understand what remember()
does, but I'm not quite sure about the meaning and usage of tokens (the
token kw).
Can I use these tokens to supply additional identity info (like the user
group) to the auth cookie and thus obsolete the need to look up the user
group upon each request?
Thanks,
Vlad
On 03/24/2011 06:54 PM, Vlad K. wrote:
I'm slightly confused regarding the trio of
AuthTktAuthenticationPolicy, its groupfinder callback and the
pyramid.security.remember() function.
First of all, I don't quite understand the kw params of the remember()
function. If those params are app specific, where can they be "read"
and used after remembering?
Furthermore, is the groupfinder callback really needed? Can't all the
relevant user data (say userid, and group principals) be set via the
signed cookie? In other words, how can I prevent (db storage) lookup
upon each request and rely only on the data in the ticket cookie?
After all, the userid and group are usually (at least in my case) set
upon login and do not have to be looked up for existence upon each
request.
Or am I missing something?
Thanks,
Vlad