[Twisted-web] [Nevow] new chapter about authentication
Manlio Perillo
manlio_perillo at libero.it
Sat Aug 5 04:49:47 CDT 2006
Valentino Volonghi aka Dialtone ha scritto:
> [...]
> Also it would use the session as a storage for
> objects which is a bad way to program. Of course it is possible anyway,
> but at least it's not encouraged by the framework.
>
I have found an example that needs specialized (non authenticators)
sessions.
Several e-commerce sites allow costumers to put items into a basket even
if they are not authenticated.
Authentication is really needed only for the transaction, where we need
the costumer approvation and its private data.
And it is a good idea to put the transaction resource on a subdomain,
SSL protected (and setting the secure and domain cookie attributes).
I thinks that you implementation of guard is focused on a single type of
web application, like stiq.
Regards Manlio Perillo
More information about the Twisted-web
mailing list