An auth_tkt cookie also has space to store 'tokens', i.e. groups or
roles and 'user data', which might be used for storing fullname and
email address. Obviously there is a trade-off to be made between
cacheability and liveness, but for many sites I suspect all of this
data could be safely set on a c
In my application, authenticated_userid() is just the integer primary key of
the user table stored in an auth_tkt cookie. It does not consult the
database at all. I do not remove users from the database, but they have an
'is_active' flag which controls whether they are allowed to log in.
The effec
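The two posts above describe the same design from two angles: the cookie carries the user's primary key plus tokens and user data, and authenticated_userid() trusts that cookie without consulting the database, so an 'is_active' flag flipped in the database takes effect only when the cookie lapses. The following is an added illustration, not code from either poster or from Pyramid itself: it builds and verifies a ticket in the mod_auth_tkt layout (the double-MD5 digest over ip, timestamp, secret, userid, tokens and user data, as implemented in paste.auth.auth_tkt), then shows a cookie-only authenticated_userid next to one that adds a single is_active lookup. The secret, the user store and the user record are constructed sample data.

```python
"""Added example: auth_tkt-style tickets with tokens/user data, and the
cacheability-vs-liveness trade-off when authenticated_userid() does or
does not consult the user store.  Secret, users and ticket values are constructed.
"""
import hashlib
import hmac
import struct
import time

SECRET = b"constructed-sample-secret"  # constructed; a real app loads this from config


def _digest(secret, ip, timestamp, userid, tokens, user_data):
    # mod_auth_tkt layout: d0 = md5(ip4 + ts + secret + userid\0tokens\0data); digest = md5(d0 + secret)
    ip_bytes = bytes(int(octet) for octet in ip.split("."))
    d0 = hashlib.md5(
        ip_bytes + struct.pack("!I", timestamp) + secret
        + userid.encode() + b"\0" + tokens.encode() + b"\0" + user_data.encode()
    ).hexdigest()
    return hashlib.md5(d0.encode() + secret).hexdigest()


def make_ticket(secret, userid, tokens=(), user_data="", ip="0.0.0.0", timestamp=None):
    """Cookie value: 32 hex digest + 8 hex timestamp + userid!tokens!user_data."""
    ts = int(time.time()) if timestamp is None else timestamp
    tok = ",".join(tokens)
    return "%s%08x%s!%s!%s" % (_digest(secret, ip, ts, userid, tok, user_data), ts, userid, tok, user_data)


def parse_ticket(secret, ticket, ip="0.0.0.0", timeout=None, now=None):
    """Return (userid, [tokens], user_data); raise ValueError on a bad digest or an expired ticket."""
    digest, ts_hex, rest = ticket[:32], ticket[32:40], ticket[40:]
    ts = int(ts_hex, 16)
    userid, tokens, user_data = rest.split("!", 2)  # user_data may itself contain '!'
    expected = _digest(secret, ip, ts, userid, tokens, user_data)
    if not hmac.compare_digest(digest, expected):
        raise ValueError("bad ticket digest")
    if timeout is not None:
        current = time.time() if now is None else now
        if current - ts > timeout:
            raise ValueError("ticket expired")
    return userid, tokens.split(",") if tokens else [], user_data


# Constructed stand-in for the user table: primary key -> row with the is_active flag
USERS = {"42": {"is_active": True, "email": "alice@example.com"}}


def authenticated_userid_cookie_only(ticket):
    # The thread's design: the integer pk straight from the cookie, no database access.
    userid, _tokens, _data = parse_ticket(SECRET, ticket)
    return int(userid)


def authenticated_userid_checked(ticket):
    # Liveness variant: one lookup per request so a deactivated user stops authenticating at once.
    userid, _tokens, _data = parse_ticket(SECRET, ticket)
    row = USERS.get(userid)
    return int(userid) if row and row["is_active"] else None


def demo():
    """Deactivate the user after the cookie was issued and compare the two policies."""
    ticket = make_ticket(SECRET, "42", tokens=("editors",),
                         user_data="Alice|alice@example.com", timestamp=1700000000)
    before = (authenticated_userid_cookie_only(ticket), authenticated_userid_checked(ticket))
    USERS["42"]["is_active"] = False
    after = (authenticated_userid_cookie_only(ticket), authenticated_userid_checked(ticket))
    USERS["42"]["is_active"] = True  # restore the sample row
    return before, after


if __name__ == "__main__":
    print(demo())  # cookie-only policy still yields 42 after deactivation; checked policy yields None
```

The digest binds the tokens and user data to the ticket, so a client cannot grant itself a group by editing the cookie; what the cookie cannot tell you is whether the row behind that primary key is still active, which is exactly the liveness cost the first message weighs against cacheability.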
Chris and I have been wrangling this afternoon over the way the Pyramid
security machinery interacts with SQL-based user / group stores. As a
result, I did a little investigation, and wanted to share the results.
Rationale
---------
The current "s