I've done a handful of side-by-side migrations or deployments. I think you already identified the generally best approach IMHO:
> Conceptually the simplest would be to have a auth cookie that is valid in both, it could be set to only be created in one and honoured in the other. However I recommend it with one caveat -- I would approach this functionality as if it were it's own authentication micro-service. It can live in one of the two processes, it doesn't need a third, but I would structure the UX, tests and development as if it were totally independent -- so the cookie value would just contain login state the core account info needed for auth and permissions. If either process needs to store other data in a cookie, use another cookie. Reading Pyramid cookies in Flask is pretty simple, Pyramid sessions just automate loading webob cookies with defaults * https://github.com/Pylons/pyramid/blob/master/src/pyramid/session.py * https://github.com/Pylons/webob/blob/master/src/webob/cookies.py In terms of Pyramid versions, if you need Python2 support - 1.10 is your only option. Otherwise, just pay attention to the deprecations on Pyramid2 and you should be able to transition from 1.10 to 2 very easily if you don't want to run the pre-release. Michael Merickel is the expert on this, but I think he and his team have done a great job in planning the 2.0 changes by offering a lot of "forward compatibility' options in 1.10 to prepare us for switching to 2.0. I could be wrong, but I think almost every one of the 2.0 changes can be elected in 1.10. The only difference I know of is the drastic change to authentication/authorization (which may be worth using the pre-release). -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/b0d9e559-d070-4522-82ef-217af2c63de2o%40googlegroups.com.