[Twisted-Python] Fitting cred into my application

exarkun at twistedmatrix.com exarkun at twistedmatrix.com
Mon Sep 24 14:36:21 MDT 2012


On 08:17 pm, matt at conundrum.com wrote:
>
>On 2012/09/23, at 18:55, Itamar Turner-Trauring wrote:
>>Attached find an example server, and a client demonstration - it's 
>>only very lightly tested, so likely wrong or buggy somewhere. I didn't 
>>bother to implement sessions, so you need to login with every command 
>>if you want extended access.
>
>Thanks for the examples, I'll have a look tonight.
>
>I was going to avoid the issue of session handling by putting the 
>portal on the protocol.  That way authentication, once done, can be 
>persistent for the length of the connection without having to do any 
>special session handling.

As soon as you have a proxy between your client and server, you'll 
regret this.  The HTTP authentication standards specifically forbid this 
style of authentication, and the proxy standards explicitly allow the 
lifetime of connections between a client and the proxy to be different 
from the lifetime of connections between the proxy and the server.

In other words, there are reasons HTTP auth works the way it does.

Also, there is a list dedicated to web topics:

    http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web

Jean-Paul




More information about the Twisted-Python mailing list