Granted, I'm no expert on this, but since authentication has yet to complete, didn't you just grant an unauthenticated user access to a session that may or may not turn out to belong to that user?
On Thu, Jul 29, 2010 at 2:25 PM, Marc Munro <[email protected]> wrote: > Can anyone explain why authentication and authorization are performed > before the cache and session middleware is invoked? > > I want my identification mechanism to be able to use the Beaker > session but this is not available until after authentication has > completed. > > As an experiment I modified AppConfig.make_base_app to add the > authentication middleware before the core middleware and now my > identification functions can see the Beaker session. > > Someone please tell me why what I have done is wrong. > > Thanks > __ > Marc > > -- > You received this message because you are subscribed to the Google Groups > "TurboGears" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<turbogears%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/turbogears?hl=en. > > -- Michael J. Pedersen My IM IDs: Jabber/[email protected], ICQ/103345809, AIM/pedermj022171 Yahoo/pedermj2002, MSN/[email protected] -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.
