Jean-Paul Calderone wrote:
> Feel free to do this, but it's not the recommended way to address this
> use case in twisted.web or Nevow. The version of guard which is included
> in releases of either won't work this way, nor will the documentation
> recommend this approach.
>
Yes.
And guard resolves the problem requiring that even anonymous users have
a session.

This is true. However, I think you're very confused in thinking that this is not necessary.

Guard is not only doing an unnecessary thing (pages with cookies can
have problems with cache, AFAIK) but this creates a potential (very rare
indeed) security problem since an anonymous user gains a valid session ID
that can be "authenticated" by a valid user (session fixation).

First: What "problems with cache" are you referring to?
How do you expect to be able to tell different anonymous users apart without sessions and session IDs?

Christopher Armstrong
International Man of Twistery
http://radix.twistedmatrix.com/
http://twistedmatrix.com/
http://canonical.com/
_______________________________________________
Twisted-web mailing list
[email protected]
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
