[Zope-PAS] [RFC] Extending CookieAuthHelper
tino at wildenhain.de
Thu Nov 11 16:30:33 EST 2004
Am Do, den 11.11.2004 schrieb Jens Vagelpohl um 20:20:
> > WRT sessions, it is a goal of mine for Zope 3 sessions that they be
> > ubiquitous
> > and storable over ZEO. This means that we choose not to write to them
> > very
> > often. :) This alows us to *count* on them being there.
> I believe sessions are one of these killer things that is underutilized
> for various reasons. One possibly being the fact that they seem to
> require a lot of mind-bending internal logic to do what they are
> supposed to do (hello Chris ;), and sometimes reliability is a problem
> due to the complicated internal logic.
> The plugin I am thinking of only writes to the session once, on login,
> and then compares the incoming session key to retrieve credentials from
> the session. So it seems quite sessioning-friendly.
Reminder as we spoke on IRC:
use a simple pickelable object, perhaps named
__credentials with attributes username and password
to protect the credentials to be seen by user code,
in tracebacks and from beeing changed by user code.
When you store in a session.
More information about the Zope-PAS