[Zope-PAS] [RFC] Extending CookieAuthHelper

Lennart Regebro regebro at nuxeo.com
Fri Nov 12 11:20:40 EST 2004

Jens Vagelpohl wrote:
> Looking at this a little more a few questions come to mind. First of 
> all, would it be considered a "normal" use case that someone would want 
> to have both the CookieAuthHelper and the SessionAuthHelper plugins 
> running at the same time? I'm thinking they both could be replaced by a 
> single plugin.

Since the Sessions relly on cookies anyway, I can't see any reason why 
you would need both at one time. I think the only reason to separate 
them is clarity. It seems simpler to start using session by using a 
session plugin.

On the other hand, a choice between "store credentials in cookie" and 
"store credentials in session" is pretty clear too, +0.5 to your merging 
ideas, because at least the challenge code is the same, but currently -1 
on having some sort of credential storage plugin... Because then, can't 
you just have separate extraction plugins from the start? It would be 
the same... or?

Lennart Regebro, Nuxeo     http://www.nuxeo.com/
CPS Content Management     http://www.cps-project.org/

More information about the Zope-PAS mailing list