First things first, Thanks a bunch for your reply. "Can you just read the cookie"
Yes: request.cookies "and match it to a session?" I would like to, but I do not know how? "Do these callbacks occur quickly enough that the session has not expired?" Yes. "the callback is not technically "logged in" (it has stolen a cookie)" I dare say it's quite true, but the only thing I still need to know is: How to get these two values by the given session_id, 1. is_logged_in (boolean) 2. username or user email (string) I would be great if Someone could help with this... Thanks On 11 Feb., 18:41, pbreit <[email protected]> wrote: > Can you just read the cookie and match it to a session? Do these callbacks > occur quickly enough that the session has not expired? I don't know exactly > how sessions work but I could imagine there's be problems using sessions > with callbacks since the callback is not technically "logged in" (it has > stolen a cookie).
