On 06/19/2012 08:38 PM, Ben Sizer wrote:
I have written my own Session object, based on the example Pyramid 1.3
provides, but with my own persistence mechanism - all well and good (I
think). In the cookie I store a key into my database, so that I can
retrieve persistent session info.
Now I'd like to implement authorization, so that I can show different
content to different authenticated users. So I looked at the
authentication policy docs and then at the AuthTktAuthenticationPolicy
and associated classes. They appear to also read and write a cookie,
and it seems like there is a large amount of overlap with the session
code. It's not clear if the two peacefully co-exist, or whether they
should be rolled into one object.
I figure I can use different cookie names in each case, but it seems
to be duplicating effort and increasing the chance of bugs, eg. if one
cookie expires when the other is valid, etc. I had imagined that I
would have 1 session object, linked to a single cookie. That session
would have a current_user() method or similar which would retrieve the
user from the database, based on a user ID stored in the session.
Basically, I don't know how to use these 2 things together - the doc
page on Sessions has nothing to say about auth or about security
(apart from the warning about the unencrypted session type) and the
page on Security says nothing about sessions. I could probably write
my own AuthenticationPolicy that queries my Session object but that
would involve it setting cookie headers which would interfere with
that Session.
How should I proceed?
You can probably just reuse the existing SessionAuthenticationPolicy here:
http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/api/authentication.html#pyramid.authentication.SessionAuthenticationPolicy
- C
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
