-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mr SZ wrote:
> I have been using cookie crumbler for my site.From the code, I
> figured out that it stores a base64 encoded value of the
> username:pass in the cookie. My doubt is how do I modify this
> behaviour of CC? CC allows me to override the set and expire the
> authCookie methods.I don't want my user's credentials store in a
> cookie encoded using base64.
Storing those credentials in a cookie is the whole purpose of
CookieCrumbler: it sounds as though you should stop using it.
> Also, is it a good idea to store the users password in the session
> data? The reason being that the users are not stored on zope and
> their passwords are one time tokens received from an external auth
> service.I felt that if I store them in zodb, then it becomes difficut
> to flush them out after every session.
Sessions in a stock Zope2 setup are stored in a separate, RAM-based
storage, with built-in expiration: after the browser is no longer
making requests, its server-side session mapping gets discarded.
Tres.
- --
===
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJRQ72+gerLs4ltQ4RAjqMAKDIewztztUtLuBqP08g1k/YwdDnHgCgrCZV
pFM9fp4knVCNs3y0mRMCKfw=
=I8vG
-END PGP SIGNATURE-
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )