From a quick read through, itsdangerous is a signed cookie implementation, equivalent to the builtin pyramid.session.SignedCookieSessionFactory.
Signed cookies are usually just fine, you only need encryption if you want to prevent the user from inspecting the content stored in their cookies.

On Saturday, 16 May 2015 01:07:09 UTC-7, Tom Lazar wrote:
>
> FWIW we've been using 'regular' cookies with content encrypted by http://pythonhosted.org/itsdangerous/ for many projects now. Works like a charm.
>
> Sent from a phone, please excuse the brevity.
>
> On 16.05.2015, at 01:58, Jonathan Vanasco <[email protected]> wrote:
>
> Sorry a bit confused about the types/locations of data you're talking about.
>
> Also I checked and pyramid does not have encrypted cookies. Sorry. I thought I read that someone had released a package; maybe it was a 3rd party plugin.
>
> Anyways...
>
> If your session has some sort of abstract 'account identifier' in it, and that matches up with some sort of database or hardcoded user info, you should be fine with a signed cookie.
> If your session has some sort of 'credentials' in it that the API needs to work (like a login/password), I would encrypt that payload. I would also prefer to route it through https if the encryption is not very strong.
>
> --
> You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/pylons-discuss.
> For more options, visit https://groups.google.com/d/optout.
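
The signed-versus-encrypted distinction discussed in this thread, as an added example that is not part of the original messages and is not itsdangerous or Pyramid code: a minimal HMAC-signed cookie built from the Python standard library. The `payload.tag` cookie format, `SECRET`, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed value; a real key comes from configuration


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(session: dict, secret: bytes = SECRET) -> str:
    """Serialize the session and append an HMAC-SHA256 tag: payload.tag"""
    payload = _b64(json.dumps(session, sort_keys=True).encode("utf-8"))
    tag = hmac.new(secret, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + _b64(tag)


def load_cookie(cookie: str, secret: bytes = SECRET):
    """Server side: return the session dict, or None if the tag does not verify."""
    try:
        payload, tag = cookie.split(".")
        expected = hmac.new(secret, payload.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(tag), expected):
            return None
        return json.loads(_unb64(payload))
    except (ValueError, UnicodeError):
        return None


def read_without_key(cookie: str) -> dict:
    """What the cookie holder can do: decode the payload, no secret needed."""
    return json.loads(_unb64(cookie.split(".")[0]))


def demo():
    cookie = sign_cookie({"account_id": 42})
    # Swap in a different payload but keep the original tag.
    altered = _b64(json.dumps({"account_id": 1}).encode()) + "." + cookie.split(".")[1]
    return load_cookie(cookie), read_without_key(cookie), load_cookie(altered)
```

The signature makes the altered cookie fail verification, but the payload stays readable to whoever holds the cookie, which is why an opaque account identifier is fine in a signed cookie and credentials are not.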
