On Sun, Apr 17, 2016 at 5:45 AM, Christoph Zwerschke <[email protected]> wrote:
> Any recommendation for a simple session factory just to support CSRF
> protection? I'm asking because the default session is unencrypted and not
> recommended when security is important, and pyramid_redis/beaker don't look
> really actively maintained and add dependencies which need to be taken care
> of. What do people here use for server side sessions?

The unencrypted sessions are perfectly fine for storing workflow-based data such as flash messages, CSRF tokens and many other types of info. The only things you must avoid when using session cookies are large data and secrets (passwords and the like).

pyramid_nacl_session exists if you feel you need an encrypted cookie. For backend cookies there are the ones you mentioned; I'm not aware of others but I'm sure they exist.
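
Added example, not part of the original message and not Pyramid's actual cookie format: a standard-library sketch of a signed but unencrypted session cookie. It shows why such a cookie is adequate for a CSRF token, which the client is meant to see anyway, while anything secret stored in it would be readable by whoever holds the cookie. The key, function names and payload layout are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-signing-key"  # constructed sample key; stays on the server

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def dump_session(session: dict, secret: bytes = SECRET) -> str:
    """Serialize and sign the session. The payload is encoded, not encrypted."""
    payload = json.dumps(session, sort_keys=True).encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def load_session(cookie: str, secret: bytes = SECRET):
    """Return the session dict, or None if the cookie is malformed or altered."""
    try:
        p64, s64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong part count or bad base64
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(payload)

def client_view(cookie: str) -> dict:
    """What anyone holding the cookie can read without knowing the key."""
    return json.loads(base64.urlsafe_b64decode(cookie.split(".")[0]))

def tamper(cookie: str, **changes) -> str:
    """Rewrite the payload but keep the old signature (integrity test helper)."""
    forged = dict(client_view(cookie), **changes)
    payload = json.dumps(forged, sort_keys=True).encode()
    return _b64(payload) + "." + cookie.split(".")[1]

def check_csrf(cookie: str, submitted: str) -> bool:
    """Compare the token submitted with a form against the signed session copy."""
    session = load_session(cookie)
    if not session or "csrf" not in session:
        return False
    return hmac.compare_digest(session["csrf"].encode(), submitted.encode())

if __name__ == "__main__":
    c = dump_session({"csrf": "a" * 32, "flash": ["saved"]})  # constructed data
    print("readable by client:", client_view(c))
    print("altered cookie accepted:", load_session(tamper(c, csrf="b" * 32)) is not None)
```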
