Sorry, I should have said you could write your own authentication /middleware/ (https://docs.djangoproject.com/en/1.4/topics/http/middleware/), not your own authentication backend (since I assume you're still using the standard username/password login). Just implement process_request(), look for the token in the query string, and set request.user appropriately.
_Nik

On 6/13/2012 10:40 AM, Nikolas Stevenson-Molnar wrote:
> I agree; go with sessions. However, if you don't want to implement
> cookie handling in your desktop app, they don't have to be
> cookie-based sessions. If you write your own authentication backend
> (https://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend)
> you could, for example, send the session id as a query parameter. That
> way, you still get all the built-in authentication goodies (like
> @login_required) but without the overhead of handling cookies.
>
> _Nik
>
> On 6/13/2012 10:29 AM, Kurtis Mullins wrote:
>> I wouldn't authenticate on every request. That seems like a lot
>> of unnecessary work. Just authenticate once and use
>> Cookies/Authentication Tokens to sustain the session. It's already
>> built in so it's pretty easy to do. They even have a code snippet
>> that shows how to use a special HTTP Header to keep this
>> authenticated session going without relying on dumping the
>> {% csrf_token %} on every response. It's written in Javascript but I'm
>> sure you could take the same approach and include it in your Desktop
>> application.
>>
>> On Wed, Jun 13, 2012 at 1:24 PM, Mike <mike.t...@gmail.com> wrote:
>>
>>> I'm working on a desktop app that will communicate with a server.
>>> I have some experience with Django and with the user
>>> authentication system but I haven't deployed a Django app with
>>> authentication yet. I'm planning to use django for the server
>>> side component of this desktop app and the two will communicate
>>> over SSL with JSON. Using Django, I can authenticate users and
>>> hold onto the cookie on the client side for authenticating the
>>> views that need it before they return their JSON. I could also
>>> send the userid and password in every GET or POST. Which method
>>> is better? Is either more secure? Using cookies I can take
>>> advantage of stuff built into Django such as
>>> the @login_required() decorator.
>>> --
>>> You received this message because you are subscribed to the
>>> Google Groups "Django users" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/django-users/-/bt4FuP1zmYEJ.
>>> To post to this group, send email to
>>> django-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> django-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/django-users?hl=en.
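
The middleware suggested in the top message of this thread (implement process_request(), look for the token in the query string, set request.user), as an added example that is not part of the original thread. The token store, the `token` parameter name, the `issue_token` helper, and the HTTPS and expiry checks are assumptions made for illustration; the class is written in the old-style Django 1.4 middleware shape and needs no Django import to run.

```python
import hashlib
import time

# Hypothetical token store: sha256(token) -> (user, expiry as Unix time).
# In a real project this would be a model or Django's session table.
TOKENS = {}


def _digest(token):
    # Store and look up only the hash, so a leaked store does not leak tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user, token, ttl=3600, now=None):
    """Register a caller-supplied token for `user`, valid for `ttl` seconds."""
    now = time.time() if now is None else now
    TOKENS[_digest(token)] = (user, now + ttl)


class QueryTokenAuthMiddleware(object):
    """Old-style (Django 1.4) middleware: only process_request() is needed."""

    param = "token"  # assumed query parameter name

    def process_request(self, request, now=None):
        now = time.time() if now is None else now
        token = request.GET.get(self.param)
        if not token:
            return None  # no token: leave request.user untouched
        if not request.is_secure():
            return None  # do not honour a token sent over plain HTTP
        entry = TOKENS.get(_digest(token))
        if entry is None:
            return None  # unknown token
        user, expires = entry
        if now >= expires:
            TOKENS.pop(_digest(token), None)  # expired: drop it
            return None
        request.user = user  # views and @login_required now see this user
        return None  # returning None lets Django continue to the view
```

List it after AuthenticationMiddleware in MIDDLEWARE_CLASSES so its request.user assignment is the one the view sees. Query strings are recorded in web server access logs, so treat those logs as sensitive and keep token lifetimes short.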