Hi again. I have read the draft implementation of guard in Valentino's sandbox and I like it.
However I have some questions: - why the ISessionMenager interface does not include a name attribute (since the default Session class uses the private _name)? - why Session.authenticatedAs has to be a property? - I think that there is no need to store tha password but only the username, so authenticatedAs -> avatarID - what's the use for the guard attribute in Session? - I think that ISessionManager should not have the loggedIn method. - as I can see the code in SessionManager._tick causes the log "Session %r expired" to be issued two times. - what's the use for mind in a web authentication? - why credInterface is a variable? It can be something different from IResource? - Session.sessionLifetime is only used on the server side but never set on the cookie. Only persistent cookies have a not null expiration date. - As I can see in SessionWrappper.locateChild the code request.session = session is executed twice (the first time in getSession. Thanks Manlio Perillo _______________________________________________ Twisted-web mailing list [email protected] http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
