On Apr 26, 11:23 am, Bradley Wright <[email protected]> wrote: > Hello all, > > Here's my scenario: > > We have a RESTful backend system that provides authentication. I've > copied the code (with my own specific library stuff) from the "Simple > home-grown" example in the Pylons cook book. > > That all works fine (I can log in using a form, which calls the REST > interface, which returns a valid user). The issue is thus: > > For the user to perform any future data requests (such as "give me a > list of my friends", or "let me edit my profile"), they need a special > authenticated token. This token is returned when the user is logged > in, so it's available to Pylons from the second a user is > authenticated. Now, I figure I can simply stash this token in the > session and use it, but is there a better way to do this? There's one > particular caveat, which is that the lifespan of the token is limited > to 15 minutes, so Pylons needs to refresh it every 10 minutes or so. > This makes fiddling the session a bit clumsy. > > In Django I used a "request" middleware function, which doctored the > request object before the views got it (this looked at the token, > renewed it if need be, and then stashed it for the view). What's the > Pylons-esque way of doing this? > > I can't use middleware as I can't see any easy way of accessing the > logged in user object in middleware, so presumably it needs to be > somewhere else. > > Any thoughts appreciated.
This is just a response to your last paragraph: If an object is in the session or request.environ (or any request/ thread-local place), you can access it from any middleware, assuming, of course, that you shove the object into the environ before your middleware is called. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
