Stuart Clarke wrote: > Hi all, > > I've some questions about TG's Identity extension: > > 1. My website must be customised on a per-user basis. But not on a > per-session basis. Sessions introduce overhead, requiring DB writes > every time a user logs in. Question: can I use Identity for user > authentication, but avoid sessions entirely? That is, have the user's > cookie contain username and password information, and match that against > the DB with every page access? This will create a pseudo-session that's > tied to the user's cookie, and will expire when the cookie expires > (requiring the user to log in again).
Identity is dependent on a "visit" key, which is a hash representing a visitor (authenticated or not). When the anonymous user logs in, that visit hash is tied to the user's identity in the database. After some inactive time (default 20 minutes), the visit hash expires, and the user receives a new visit key (and loses their authenticated status). So, by default, it sort of meets your requirements, although every user receives a cookie, not just authenticated ones. But, it's not like a traditional "session", where you can assign variables to the session as a way to save state. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
