I agree; go with sessions. However, if you don't want to implement
cookie handling in your desktop app, they don't have to be cookie-based
sessions. If you write your own authentication backend
(https://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend)
you could, for example, send the session id as a query parameter. That
way, you still get all the built-in authentication goodies (like
@login_required) but without the overhead of handling cookies.
_Nik
On 6/13/2012 10:29 AM, Kurtis Mullins wrote:
> I wouldn't authenticate on every request. That seems like a lot
> of unnecessary work. Just authenticate once and use
> Cookies/Authentication Tokens to sustain the session. It's already
> built in so it's pretty easy to do. They even have a code snippet that
> shows how to use a special HTTP Header to keep this authenticated
> session going without relying on dumping the {% csrf_token %} on every
> response. It's written in Javascript but I'm sure you could take the
> same approach and include it in your Desktop application.
>
> On Wed, Jun 13, 2012 at 1:24 PM, Mike <mike.t...@gmail.com
> <mailto:mike.t...@gmail.com>> wrote:
>
> I'm working on a desktop app that will communicate with a server.
> I have some experience with Django and with the user
> authentication system but I haven't deployed a Django app with
> authentication yet. I'm planning to use django for the server
> side component of this desktop app and the two will communicate
> over SSL with JSON. Using Django, I can authenticate users and
> hold onto the cookie on the client side for authenticating the
> views that need it before they return their JSON. I could also
> send the userid and password in every GET or POST. Which method
> is better? Is either more secure? Using cookies I can take
> advantage of stuff built into Django such as the @login_required()
> decorator. --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/django-users/-/bt4FuP1zmYEJ.
> To post to this group, send email to django-users@googlegroups.com
> <mailto:django-users@googlegroups.com>.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> <mailto:django-users%2bunsubscr...@googlegroups.com>.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
