[Twisted-Python] Re: cred and stateless protocols

Nicola Larosa nico at tekNico.net
Wed May 3 06:14:51 EDT 2006


> Stateless protocols like HTTP use sessions for client authentication.

Don't say such a thing in REST company, you could be lynched. ;-)

HTTP does *not* use sessions for authentication (sessions are not defined
in the protocol anyway): it uses headers for Basic and Digest
authentication, see RFC 2617.


> The session is created by the server and the client should supply it at
> each request.

The client supplies authentication *headers* with each request.


> The question is: does cred support this type of authentication?

There's support in twisted.web.woven.guard and .simpleguard .


-- 
Nicola Larosa - http://www.tekNico.net/

It might be a good rule simply to avoid any prestigious task.
If it didn't suck, they wouldn't have had to make it prestigious.
 -- Paul Graham, January 2006






More information about the Twisted-Python mailing list