[Twisted-web] [Nevow] about new guard in sandbox

Manlio Perillo manlio_perillo at libero.it
Mon Jul 31 14:05:26 CDT 2006


Hi again.

I have read the draft implementation of guard in Valentino's sandbox and
I like it.

However I have some questions:
- why the ISessionMenager interface does not include a name attribute
  (since the default Session class uses the private _name)?
- why Session.authenticatedAs has to be a property?
- I think that there is no need to store tha password but only the
  username, so authenticatedAs -> avatarID
- what's the use for the guard attribute in Session?
- I think that ISessionManager should not have the loggedIn method.
- as I can see the code in SessionManager._tick causes the log
  "Session %r expired" to be issued two times.
- what's the use for mind in a web authentication?
- why credInterface is a variable? It can be something different from
  IResource?
- Session.sessionLifetime is only used on the server side but never set
  on the cookie.
  Only persistent cookies have a not null expiration date.
- As I can see in SessionWrappper.locateChild the code
  request.session = session is executed twice (the first time in
  getSession.


Thanks  Manlio Perillo



More information about the Twisted-web mailing list