Sorry a bit confused about the types/locations of data you're talking about.
Also I checked and Pyramid does not have encrypted cookies. Sorry. I thought I read that someone had released a package; maybe it was a 3rd party plugin.

Anyways... If your session has some sort of abstract 'account identifier' in it, and that matches up with some sort of database or hardcoded user info, you should be fine with a signed cookie. If your session has some sort of 'credentials' in it that the API needs to work (like a login/password), I would encrypt that payload. I would also prefer to route it through HTTPS if the encryption is not very strong.
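The distinction drawn in the message above, as an added example that is not part of the original post and does not reproduce Pyramid's own cookie format: a generic HMAC-signed cookie rejects tampering, but its payload is readable by anyone who holds it. The secret, the field names and the `payload.tag` layout are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed value, for this example only


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def sign_session(session: dict, secret: bytes = SECRET) -> str:
    """Serialize the session and append an HMAC-SHA256 tag (signed, not encrypted)."""
    payload = json.dumps(session, sort_keys=True).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def load_session(cookie: str, secret: bytes = SECRET):
    """Server side: return the session only if the tag verifies, else None."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or bad base64
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)


def read_without_key(cookie: str) -> dict:
    """What any holder of the cookie sees: the payload is only encoded."""
    return json.loads(base64.urlsafe_b64decode(cookie.split(".")[0]))


def swap_payload(cookie: str, new_session: dict) -> str:
    """Replace the payload but keep the old tag, as a client-side edit would."""
    payload = json.dumps(new_session, sort_keys=True).encode()
    return _b64(payload) + "." + cookie.split(".")[1]


if __name__ == "__main__":
    cookie = sign_session({"account_id": 42})
    print("verified:", load_session(cookie))
    print("edited cookie accepted:", load_session(swap_payload(cookie, {"account_id": 1})))
    # A credential stored in a signed-only cookie is visible without the secret.
    print("readable:", read_without_key(sign_session({"password": "constructed-pw"})))
```

An opaque account identifier loses nothing by being readable, which is why signing is enough for it; a credential in the same cookie is exposed to the browser, to logs and to any proxy on a non-HTTPS path.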