Thanks, I'll look into the signed cookies. That might be good enough for my current needs.
I should have been more clear... The cookie structure is basically: PAYLOAD[ 2-way-encryption + date ]::CHECKSUM I added the checksum for lightweight validation, before doing anything on the payload which was more expensive to reverse. I wanted the date in there - and not just on the cookie - because it gave me a facility to rotate secret keys in the future. On Feb 29, 12:23 am, Michael Merickel <[email protected]> wrote: > a) Your example with the checksum isn't encryption, so watch your jargon. > Pyramid doesn't ship with any encryption capabilities. > b) See p.session.signed_serialize and p.session.signed_deserialize for > signing a payload. > > http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/api/sess... > > On Tue, Feb 28, 2012 at 11:44 AM, Jonathan Vanasco <[email protected]>wrote: > > > > > > > > > I didn't find anything in the docs, but I figured it would be worth > > asking. > > > I am porting over a login system from Pylons. One of the elements has > > a "cookie_autologin", which sets a 30day cookie if someone clicks > > "remember me". the contents of the cookie are a lightweight payload > > + checksum. > > > I figured if there is something in pyramid that handles that, it's > > likely stronger and faster than pylons stuff i wrote in 2007. > > > -- > > You received this message because you are subscribed to the Google Groups > > "pylons-discuss" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > >http://groups.google.com/group/pylons-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
