On Wed, Jun 21, 2017 at 9:28 AM, Jonathan Vanasco <jonat...@findmeon.com> wrote: > I typically spec out applications like this: > > * Everything in `/account` is via HTTPS with a secondary HTTPS-only session > (that has a different timeout the default session), and login-status > requires a recent user/pass entry (no autologin). All forms implement CSRF.
How do you get a secondary session? Can you do that with Pyramid's session infrastructure? What do you mean by "a recent user/pass entry"? -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAH9f%3DupO%2Bu2tXa37S6HS1%2B-pdt60ZeAK%2BhEWEUh_%3DwLCJfxLjg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.