I'm going to claim ignorance here.
I don't use tokens, and to be honest, if I had it to do all over again, I
wouldn't expose them in the r.who API at all. auth_tkt has severe featureitis:
tokens vs. user_data, and other distinctions that nobody really needs or
understands at all.
That said, gi
Hi,
I was just experimenting with adding a token to the auth_tkt cookie
but I think the current implementation is incorrect.
The repoze.who code is trying to handle a string or a list by
converting a list into a comma-separated string before calling paste's
auth_tkt. However, Paste is documented
