On Wednesday, June 21, 2017 at 10:47:26 PM UTC-4, Mike Orr wrote:
>
> How do you get a secondary session? Can you do that with Pyramid's
> session infrastructure?

Originally I extended Pyramid to have an ISessionHttpsFactory class that binds to `request.session_https` and basically copies what ISessionHttpFactory does. It's pretty simple, but I dropped it on pypi/github for others:

https://github.com/jvanasco/pyramid_https_session_core

I've been moving away from that to simply use request properties with a finished callback.

> What do you mean by "a recent user/pass entry"?

One app supports a handful of auth mechanisms:

- Form Login (user+pass entered into the site via https)
- 3rd party login (Facebook/Twitter/etc)
- Auto-Login (via secure cookie)
- I think there may be another method or two...

When someone logs in, we store in the session:

* the timestamp
* the login type + timestamp

Most sections of our /account require a username+password entered within 15 minutes. You'll see this common to a lot of finance, medical and enterprise software apps.

If someone is "logged in" but hasn't provided a username+password within the last 15 minutes, they can't view data in /account or modify settings. They are redirected to enter the credentials again. They still have a "logged in" status on the site, and are considered "logged in"; their session is just considered "untrusted" for viewing or editing certain data.
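
The recent-password check described in the message above, as an added example that is not code from the original post or from pyramid_https_session_core. The session key names, login-type labels and function names are hypothetical, and a plain dict stands in for the Pyramid session.

```python
import time

REAUTH_WINDOW = 15 * 60      # the post's 15-minute window, in seconds
PASSWORD_LOGIN = "form"      # hypothetical label for user+pass form login
OTHER_LOGINS = {"thirdparty", "autologin"}   # hypothetical labels

def record_login(session, login_type, now=None):
    """Store the login timestamp and the per-type timestamp in the session."""
    if login_type != PASSWORD_LOGIN and login_type not in OTHER_LOGINS:
        raise ValueError("unknown login type: %r" % (login_type,))
    now = time.time() if now is None else now
    session["login_ts"] = now
    session.setdefault("login_by_type", {})[login_type] = now

def is_trusted(session, now=None):
    """True only if a username+password was entered within the window."""
    now = time.time() if now is None else now
    ts = session.get("login_by_type", {}).get(PASSWORD_LOGIN)
    if isinstance(ts, bool) or not isinstance(ts, (int, float)):
        return False         # missing or malformed value: not trusted
    # A timestamp in the future is treated as untrusted rather than fresh.
    return 0 <= now - ts <= REAUTH_WINDOW

def account_gate(session, now=None):
    """Decide what an /account view should do for this session."""
    if "login_ts" not in session:
        return "login"       # not logged in at all
    if is_trusted(session, now):
        return "allow"
    return "reauth"          # still logged in, must re-enter credentials

def demo():
    """Walk one constructed session through the cases in the post."""
    t0 = 1_500_000_000       # constructed sample clock value
    s = {}
    results = [account_gate(s, t0)]                 # no login yet
    record_login(s, "autologin", t0)
    results.append(account_gate(s, t0 + 5))         # cookie login only
    record_login(s, "form", t0 + 10)
    record_login(s, "thirdparty", t0 + 600)         # does not refresh trust
    results.append(account_gate(s, t0 + 10 + 899))  # password still recent
    results.append(account_gate(s, t0 + 10 + 901))  # password too old
    return results

if __name__ == "__main__":
    print(demo())
```

In a Pyramid app the "reauth" result would map to a redirect to the credential form, with the session itself left in place.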
