Mr SZ wrote:
> I have been using cookie crumbler for my site. From the code, I
> figured out that it stores a base64 encoded value of the
> username:pass in the cookie. My doubt is how do I modify this
> behaviour of CC? CC allows me to override the set and expire the
> authCookie methods. I don't want my user's credentials stored in a
> cookie encoded using base64.

Storing those credentials in a cookie is the whole purpose of
CookieCrumbler: it sounds as though you should stop using it.

> Also, is it a good idea to store the user's password in the session
> data? The reason being that the users are not stored on zope and
> their passwords are one time tokens received from an external auth
> service. I felt that if I store them in zodb, then it becomes difficult
> to flush them out after every session.

Sessions in a stock Zope2 setup are stored in a separate, RAM-based
storage, with built-in expiration: after the browser is no longer
making requests, its server-side session mapping gets discarded.

Tres.
-- 
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
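
The two storage models discussed in this thread, side by side, as an added example that is not part of the original messages and is not CookieCrumbler or Zope code. The cookie format follows the description in the question; `IdleExpiringSessions`, its timeout, and the sample credentials are hypothetical names and values constructed for illustration.

```python
import base64
import secrets
import time

# Constructed sample credentials, not taken from the thread.
SAMPLE_USER, SAMPLE_TOKEN = "alice", "one-time-token-123"


def encode_credentials_cookie(user, password):
    """Cookie value as the question describes it: base64 of 'username:pass'."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_credentials_cookie(value):
    """Base64 has no key: whoever reads the cookie recovers the credentials."""
    user, _, password = base64.b64decode(value).decode().partition(":")
    return user, password


class IdleExpiringSessions:
    """Hypothetical RAM-only store; the browser holds only a random id."""

    def __init__(self, idle_timeout=1200, clock=time.monotonic):
        self._timeout = idle_timeout
        self._clock = clock
        self._data = {}  # session id -> (last_access, mapping)

    def create(self, mapping):
        sid = secrets.token_urlsafe(32)  # opaque, carries no credential data
        self._data[sid] = (self._clock(), dict(mapping))
        return sid

    def get(self, sid):
        entry = self._data.get(sid)
        if entry is None:
            return None
        last_access, mapping = entry
        if self._clock() - last_access > self._timeout:
            del self._data[sid]  # idle too long: discard server-side state
            return None
        self._data[sid] = (self._clock(), mapping)  # each request renews the timer
        return mapping
```
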