Allen,

In my very limited experience with Twisted,

On Thu, 2011-03-10 at 14:01 -0600, Allen Bierbaum wrote:
> I have been looking into this further and decided on an API that works
> as follows:
>
> - Use HTTPS for all requests
> - POST to /session to create a new session token
> - pass in username and password as parameters
> - returns token string to be used for all further communication

In the non-https case, roll a salt and other items (IP address, user agent, etc.) into a secondary session key on the server.

> - All further requests must have the token string which is used to
> lookup the user/session
> - on the server, the token will map to a user object to give me
> information about their access rights, etc.
>

That's all I've ever needed: use the session key (token) to access an object array - the accessed object has all the twisty magic.

> Now the question is how does this fit into twisted's view of the
> world. The twisted web in 60 seconds tutorials [1] seem focused on
> using HTTP Auth for credential checking and an internal cookie
> (TWISTED_SESSION) for session management. Is there an easy way to
> adapt these to my needs or do I need to roll my own code for this type
> of twisted.web usage?

Now you've gone back to credentials - this is outside of my experience with Twisted. Sessions are simple enough with Python alone in a twisted app. I'll need to use credentials soon so I hope you get an answer.

Anybody using OpenID or webID instead of login/password? Could be better...

>
> -Allen
>

George

--
George Pauly
Ring Development
www.ringdevelopment.com
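
The token scheme discussed in this message, written out as an added example (not code from the thread or from Twisted): a server-side store that maps an opaque token to a user object and ties it to a salted key derived from the client's IP address and user agent. The `SessionStore` name, the 30-minute lifetime and the revoke-on-mismatch policy are assumptions; a twisted.web resource would call `create()` from the POST to /session and `lookup()` on every later request.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed lifetime, not specified in the thread


class SessionStore:
    """Maps opaque session tokens to user objects, bound to client attributes."""

    def __init__(self, ttl=SESSION_TTL, clock=time.monotonic):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock

    @staticmethod
    def _secondary_key(salt, ip, user_agent):
        # HMAC over the client attributes, keyed with a per-session salt
        # that never leaves the server.
        msg = ip.encode() + b"\x00" + user_agent.encode()
        return hmac.new(salt, msg, hashlib.sha256).digest()

    def create(self, user, ip, user_agent):
        """Call after the username/password check has succeeded."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        salt = secrets.token_bytes(16)
        self._sessions[token] = {
            "user": user,
            "salt": salt,
            "key": self._secondary_key(salt, ip, user_agent),
            "expires": self._clock() + self._ttl,
        }
        return token

    def lookup(self, token, ip, user_agent):
        """Return the user object for a valid token, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            del self._sessions[token]
            return None
        presented = self._secondary_key(entry["salt"], ip, user_agent)
        if not hmac.compare_digest(presented, entry["key"]):
            # Token replayed from a different client: treat it as leaked
            # and revoke it (assumed policy).
            del self._sessions[token]
            return None
        return entry["user"]
```

The binding only narrows where a copied token is accepted; over plain HTTP the token and the User-Agent header are both visible on the wire, so HTTPS remains the primary control.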