[Twisted-Python] Re: cred and stateless protocols

Nicola Larosa nico at tekNico.net
Fri May 5 18:07:02 EDT 2006


> HTTP auth can also be used in such a way that the "session" is simply
> the username that is being authenticated.  nevow.guard attempts to make
> the distinction between cookie-based and http-auth-based sessions simply
> an implementation detail.

Unfortunately they're functionally equivalent only as long as the same
credentials are only used on one browser instance at the same time. If one
user authenticates himself on two browsers with the same credentials, there
can be two distinct cookie-based sessions, but only one http-auth based
"session".

An interesting discussion about this has been going on for weeks now on the
rest-discuss mailing list on Yahoo Groups.


-- 
Nicola Larosa - http://www.tekNico.net/

Most people are doomed in childhood by accepting the axiom that work equals
pain. Those who escape this are nearly all lured onto the rocks by prestige
or money. How many even discover something they love to work on? A few
hundred thousand, perhaps, out of billions. -- Paul Graham, January 2006
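
The difference described in the message above, as an added example that is not part of the original post or of nevow.guard: a cookie-keyed store gives each browser its own session, while a store keyed by the authenticated username gives both browsers the same one. The class names, the `sid` cookie name, the use of the Basic scheme and the sample credentials are assumptions made for illustration; password verification is assumed to happen elsewhere.

```python
import base64
import secrets


class CookieSessions:
    """Cookie mode: the session key is a random token, one per browser."""

    def __init__(self):
        self.store = {}

    def resolve(self, headers):
        pairs = (p.strip().split("=", 1) for p in headers.get("Cookie", "").split(";") if "=" in p)
        sid = dict(pairs).get("sid")  # "sid" is a hypothetical cookie name
        if sid not in self.store:  # no cookie, or unknown/expired token
            sid = secrets.token_urlsafe(16)
            self.store[sid] = {}
        return sid, self.store[sid]


class AuthSessions:
    """HTTP-auth mode: the "session" key is the authenticated username."""

    def __init__(self):
        self.store = {}

    def resolve(self, headers):
        # Assumption: the password was already verified by a credentials checker.
        scheme, _, blob = headers["Authorization"].partition(" ")
        if scheme != "Basic":
            raise ValueError("unsupported scheme")
        user = base64.b64decode(blob).decode().split(":", 1)[0]
        return user, self.store.setdefault(user, {})


def demo():
    # Constructed input: two browsers logging in with the same credentials.
    basic = "Basic " + base64.b64encode(b"alice:constructed-password").decode()
    cookies, auth = CookieSessions(), AuthSessions()
    sid_a, state_a = cookies.resolve({})
    sid_b, state_b = cookies.resolve({})
    state_a["cart"] = ["book"]
    _, auth_a = auth.resolve({"Authorization": basic})
    _, auth_b = auth.resolve({"Authorization": basic})
    auth_a["cart"] = ["book"]
    del cookies.store[sid_a]  # end browser A's session only
    b_survives = cookies.resolve({"Cookie": "sid=" + sid_b})[0] == sid_b
    return {"cookie_distinct": sid_a != sid_b, "cookie_shared": "cart" in state_b,
            "auth_shared": auth_b is auth_a, "auth_count": len(auth.store),
            "b_survives_a_logout": b_survives}


if __name__ == "__main__":
    print(demo())
```

In cookie mode one browser's session can be ended without touching the other; in the username-keyed mode there is no per-browser key to revoke, so state and logout apply to every browser using those credentials.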





