what kind of data? what kind of application?
i've done things like this under pyramid:
- store long-term 'cached' data in the database, keyed to a userid in the
session. refresh that into the session if the user is logged in, but that
key is not present. (also save it whenever the values change)
    # logged-in user whose long-term cache is not in this session yet
    if 'user.id' in session and session['user.id']:
        if 'user.longcached' not in session:
            session['user.longcached'] = lib.api_internal.get_user_longcache(
                request, session['user.id'])
- store random crap in a cookie
  a- use a series of plaintext cookies for random identifiers
  b- use a cookie that is insecure, but secure enough for my needs. drop
  all my data into a dict, convert to json, turn it into an encrypted or
  signed cookie. on session activations, read this data, validate for a
  timely timestamp/signature, migrate into the session. i wrote a library to
  help with this -
  https://github.com/jvanasco/insecure_but_secure_enough/blob/master/insecure_but_secure_enough/__init__.py
the big trick i learned was to get this stuff into the session as soon as
possible. just read the cookies once, migrate to session, and work from
there. it really simplifies debugging.
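
Added example, not part of the original post and not the API of the linked library: a standard-library sketch of option b in its signed (not encrypted) form, with the read-once migration into the session. The names `encode_cookie`, `decode_cookie`, `migrate_to_session`, the `prefs` cookie name, the demo key and the one-hour limit are all assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: real key comes from app config
MAX_AGE = 3600                     # assumption: accept cookies up to 1 hour old

def sign(secret, payload):
    return hmac.new(secret, payload.encode("ascii"), hashlib.sha256).hexdigest()

def encode_cookie(data, secret=SECRET, now=None):
    """dict -> JSON (with timestamp) -> base64 -> 'payload.signature'."""
    body = {"t": int(time.time() if now is None else now), "d": data}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    payload = base64.urlsafe_b64encode(raw).decode("ascii")
    return payload + "." + sign(secret, payload)

def decode_cookie(value, secret=SECRET, max_age=MAX_AGE, now=None):
    """Return the stored dict, or None if malformed, tampered with or stale."""
    try:
        payload, sig = value.rsplit(".", 1)
        # verify the signature before parsing anything the client sent
        if not hmac.compare_digest(sig, sign(secret, payload)):
            return None
        body = json.loads(base64.urlsafe_b64decode(payload))
        age = (time.time() if now is None else now) - body["t"]
        data = body["d"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if age < 0 or age > max_age:
        return None
    return data

def migrate_to_session(cookies, session, name="prefs"):
    """Read the cookie once; after that, work only from the session."""
    if name in session:
        return session[name]
    data = decode_cookie(cookies.get(name, ""))
    if data is not None:
        session[name] = data
    return data

if __name__ == "__main__":
    session = {}
    cookies = {"prefs": encode_cookie({"theme": "dark"})}  # constructed sample
    print(migrate_to_session(cookies, session), session)
```

The payload is only base64-encoded, so the client can read it; the signature and timestamp only stop it from being altered or replayed after the age limit.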