I am very interested in token-based authentication and authorization using web services because I'm about to have to start getting in to that. I do have a question though, because I was wondering this: can you make a login(username, password) function that does the authentication, then saves something like logged_in=True to the session?
I only ask because I don't know if web service clients (like XML-RPC and JSON-RPC) observe sessions. It would be interesting to see, because then you wouldn't need to worry about tokens and it would work more like the traditional web-based login from a browser.
