[Twisted-Python] Fitting cred into my application
exarkun at twistedmatrix.com
exarkun at twistedmatrix.com
Mon Sep 24 14:36:21 MDT 2012
On 08:17 pm, matt at conundrum.com wrote:
>
>On 2012/09/23, at 18:55, Itamar Turner-Trauring wrote:
>>Attached find an example server, and a client demonstration - it's
>>only very lightly tested, so likely wrong or buggy somewhere. I didn't
>>bother to implement sessions, so you need to login with every command
>>if you want extended access.
>
>Thanks for the examples, I'll have a look tonight.
>
>I was going to avoid the issue of session handling by putting the
>portal on the protocol. That way authentication, once done, can be
>persistent for the length of the connection without having to do any
>special session handling.
As soon as you have a proxy between your client and server, you'll
regret this. The HTTP authentication standards specifically forbid this
style of authentication, and the proxy standards explicitly allow the
lifetime of connections between a client and the proxy to be different
from the lifetime of connections between the proxy and the server.
In other words, there are reasons HTTP auth works the way it does.
Also, there is a list dedicated to web topics:
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
Jean-Paul
More information about the Twisted-Python
mailing list