[Twisted-Python] Re: cred and stateless protocols
Nicola Larosa
nico at tekNico.net
Wed May 3 06:14:51 EDT 2006
> Stateless protocols like HTTP use sessions for client authentication.
Don't say such a thing in REST company, you could be lynched. ;-)
HTTP does *not* use sessions for authentication (sessions are not defined
in the protocol anyway): it uses headers for Basic and Digest
authentication, see RFC 2617.
> The session is created by the server and the client should supply it at
> each request.
The client supplies authentication *headers* with each request.
> The question is: does cred support this type of authentication?
There's support in twisted.web.woven.guard and .simpleguard .
--
Nicola Larosa - http://www.tekNico.net/
It might be a good rule simply to avoid any prestigious task.
If it didn't suck, they wouldn't have had to make it prestigious.
-- Paul Graham, January 2006
More information about the Twisted-Python
mailing list