[Twisted-Python] Re: cred and stateless protocols

glyph at divmod.com
Fri May 5 17:39:21 EDT 2006



On Fri, 5 May 2006 16:53:54 +0200, Tristan Seligmann <mithrandi-twisted-python at mithrandi.za.net> wrote:
>* Manlio Perillo <manlio_perillo at libero.it> [2006-05-03 13:20:34 -0200]:
>
>> Ok, but it is improper to require such an authentication for each
>> resource... ;-)
>>
>> Clients authenticate once and use "sessions" to identify themselves.
>
>Many people are successfully using basic/digest auth without any use of
>sessions, and I would hardly call this "improper". In many cases it is
>much more straightforward than bolting on stateful session tracking, and
>it also potentially makes client implementation simpler.

HTTP auth can also be used in such a way that the "session" is simply the username that is being authenticated.  nevow.guard attempts to make the distinction between cookie-based and http-auth-based sessions simply an implementation detail.
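The idea in the reply above, sketched as an added example that is not part of the original post and does not use nevow.guard's API: one resolver returns a session key whether the request carries HTTP Basic credentials (the verified username is the key) or a session cookie. The names `resolve_session`, `USERS`, `COOKIE_SESSIONS` and the cookie name `session` are hypothetical, and the stores are constructed sample data.

```python
import base64
import hashlib
import hmac
from http.cookies import SimpleCookie


def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed sample stores (assumptions for this example only).
USERS = {"alice": _hash("s3cret")}      # username -> password hash
COOKIE_SESSIONS = {"c0ffee": "bob"}     # session id -> user, set at login


def _basic_credentials(value):
    """Parse 'Basic <base64(user:pass)>'; return (user, password) or None."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep and user else None


def resolve_session(headers):
    """Return (session_key, user) or None; callers never see the transport."""
    auth = headers.get("Authorization")
    if auth:
        creds = _basic_credentials(auth)
        if creds is None:
            return None
        user, password = creds
        # Stateless: credentials are re-verified on every request, and the
        # verified username itself is the session key.
        ok = hmac.compare_digest(USERS.get(user, b""), _hash(password))
        return ("auth:" + user, user) if ok else None
    cookie = SimpleCookie(headers.get("Cookie", ""))
    sid = cookie["session"].value if "session" in cookie else None
    if sid in COOKIE_SESSIONS:
        return ("cookie:" + sid, COOKIE_SESSIONS[sid])
    return None
```
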



