[Twisted-Python] Re: cred and stateless protocols

glyph at divmod.com glyph at divmod.com
Fri May 5 15:39:21 MDT 2006



On Fri, 5 May 2006 16:53:54 +0200, Tristan Seligmann <mithrandi-twisted-python at mithrandi.za.net> wrote:
>* Manlio Perillo <manlio_perillo at libero.it> [2006-05-03 13:20:34 -0200]:
>
>> Ok, but it is improper to require such an authentication for each
>> resource... ;-)
>>
>> Clients authenticate once and use "sessions" to identify themselves.
>
>Many people are successfully using basic/digest auth without any use of
>sessions, and I would hardly call this "improper". In many cases it is
>much more straightforward than bolting on stateful session tracking, and
>it also potentially makes client implementation simpler.

HTTP auth can also be used in such a way that the "session" is simply the username that is being authenticated.  nevow.guard attempts to make the distinction between cookie-based and http-auth-based sessions simply an implementation detail.




More information about the Twisted-Python mailing list