On Apr 26, 11:23 am, Bradley Wright <[email protected]> wrote:
> Hello all,
>
> Here's my scenario:
>
> We have a RESTful backend system that provides authentication. I've
> copied the code (with my own specific library stuff) from the "Simple
> home-grown" example in the Pylons cook book.
>
> That all works fine (I can log in using a form, which calls the REST
> interface, which returns a valid user). The issue is thus:
>
> For the user to perform any future data requests (such as "give me a
> list of my friends", or "let me edit my profile"), they need a special
> authenticated token. This token is returned when the user is logged
> in, so it's available to Pylons from the second a user is
> authenticated. Now, I figure I can simply stash this token in the
> session and use it, but is there a better way to do this? There's one
> particular caveat, which is that the lifespan of the token is limited
> to 15 minutes, so Pylons needs to refresh it every 10 minutes or so.
> This makes fiddling the session a bit clumsy.
>
> In Django I used a "request" middleware function, which doctored the
> request object before the views got it (this looked at the token,
> renewed it if need be, and then stashed it for the view). What's the
> Pylons-esque way of doing this?
>
> I can't use middleware as I can't see any easy way of accessing the
> logged in user object in middleware, so presumably it needs to be
> somewhere else.
>
> Any thoughts appreciated.

This is just a response to your last paragraph:

If an object is in the session or request.environ (or any request/
thread-local place), you can access it from any middleware, assuming,
of course, that you shove the object into the environ before your
middleware is called.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to