If you serve content via https, you may not need/want encrypted cookies. You can get free SSL certs trusted in most browsers from LetsEncrypt.org
If your desire to encrypt the data is to keep the consumer from accessing the payload, it's not that hard to stuff an encrypted payload in the session or another cookie. I use a heavily forked version of pyramid_redis_sessions. the actual distribution hits redis way too much and caused bottlenecks for us. it uses multiple calls when only one is needed, and sets a new expire on every attribute access (only one is needed per request, or redis could be configured as a LRU cache and no expires are needed). -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/b906e2db-9d79-44bc-964f-711cc2e0cce3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
