[Twisted-Python] Re: cred and stateless protocols

Manlio Perillo manlio_perillo at libero.it
Wed May 3 09:20:34 MDT 2006


Nicola Larosa ha scritto:
>> Stateless protocols like HTTP use sessions for client authentication.
> 
> Don't say such a thing in REST company, you could be lynched. ;-)
> 
> HTTP does *not* use sessions for authentication (sessions are not defined
> in the protocol anyway): it uses headers for Basic and Digest
> authentication, see RFC 2617.
> 

Ok, but it is improper to require such an authentication for each
resource... ;-)

Clients authenticate once and use "sessions" to identify themselves.

> 
>> The session is created by the server and the client should supply it at
>> each request.
> 
> The client supplies authentication *headers* with each request.
> 

Yes.

> 
>> The question is: does cred support this type of authentication?
> 
> There's support in twisted.web.woven.guard and .simpleguard .
> 

Ok, but maybe sessions can be used by other protocols (over UDP).
I whould like to have some support for creating secure sessions, but
maybe I just have to do urandom(some_bits)?



Thanks  Manlio Perillo




More information about the Twisted-Python mailing list