Hi, I was just experimenting with adding a token to the auth_tkt cookie but I think the current implementation is incorrect.
The repoze.who code is trying to handle a string or a list by converting a list into a comma-separated string before calling paste's auth_tkt. However, Paste is documented as expecting "a list of strings". As a result, repoze.who gets it wrong whatever you pass as tokens: * 'foo' is added to the cookie as 'f,o,o'; should be 'foo' * ['foo'] is added to the cookie as 'f,o,o'; should be 'foo' * ['foo', 'bar'] is added to the cookie as 'f,o,o,,,b,a,r'; should be 'foo,bar' (Paste also allows a token containing a comma which really screws things up at parse time but that's a different matter ;-) I'm not sure anyone can be using tokens in their current state so I suggest repoze.who always treats tokens as a list of strings to match Paste. I'm happy to send a patch for that but wanted to check you agreed with the reasoning first. - Matt _______________________________________________ Repoze-dev mailing list Repozefirstname.lastname@example.org http://lists.repoze.org/listinfo/repoze-dev