Thanks so much!

> For this type of data, at a minimum, calls to request.response.set_cookie should contain `httponly=True` and `secure=True`; the app should also be under https only. If I understand how your system uses these credentials correctly, `samesite=strict` should also be added.

Makes sense. (Yes, we deploy sites behind https.)

> Store in a Server-Side session. There are many projects in the pyramid ecosystem for this.

Any suggestions for 1-3 simple examples? Ideally with only Python dependencies -- I'd rather not add Redis, MongoDB etc. since we already have Supabase.

Scott

--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/383183b9-0506-4f01-9653-bca1f8781a7fn%40googlegroups.com.
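
Added example, not part of the thread and not code from any poster or from Pyramid: a standard-library check that a `Set-Cookie` header value carries the three attributes named in the quoted advice (`HttpOnly`, `Secure`, `SameSite=Strict`), run against constructed headers. The cookie name `session_token` and its value are assumptions made for illustration.

```python
from http.cookies import SimpleCookie


def hardened_set_cookie(name, value):
    """Build a Set-Cookie value carrying HttpOnly, Secure and SameSite=Strict."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True
    jar[name]["secure"] = True
    jar[name]["samesite"] = "Strict"
    return jar[name].OutputString()


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_set_cookie(header_value):
    """Return (cookie name, findings); an empty list means all three attributes are set."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if attrs.get("samesite", "").lower() != "strict":
        findings.append("SameSite is not Strict")
    return name, findings


# Constructed sample headers (hypothetical cookie name and value).
WEAK = "session_token=constructed-value; Path=/"
LAX = "session_token=constructed-value; Path=/; HttpOnly; Secure; SameSite=Lax"

if __name__ == "__main__":
    strong = hardened_set_cookie("session_token", "constructed-value")
    for header in (WEAK, LAX, strong):
        print(header, "->", audit_set_cookie(header))
```

The same audit can be pointed at the `Set-Cookie` values captured from a deployed response to confirm the flags survive any proxy in front of the app.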
