The 2.0 security system is pretty backward compatible so I'd recommend just starting with 1.x but I might suggest using the master version of pyramid-cookiecutter-starter as it has significant improvements to the default test fixtures for new projects.
With respect to 2.0, sorry everyone but I've been dragging my feet on an issue in the new security api so it isn't out yet! Mailing list activity is a great motivator though! - Michael > On Aug 31, 2020, at 12:12, 'Jonathan Vanasco' via pylons-discuss > <pylons-discuss@googlegroups.com> wrote: > > I've done a handful of side-by-side migrations or deployments. > > I think you already identified the generally best approach IMHO: > > > Conceptually the simplest would be to have a auth cookie that is valid > in both, it could be set to only be created in one and honoured in the other. > > However I recommend it with one caveat -- I would approach this functionality > as if it were it's own authentication micro-service. It can live in one of > the two processes, it doesn't need a third, but I would structure the UX, > tests and development as if it were totally independent -- so the cookie > value would just contain login state the core account info needed for auth > and permissions. If either process needs to store other data in a cookie, > use another cookie. > > Reading Pyramid cookies in Flask is pretty simple, Pyramid sessions just > automate loading webob cookies with defaults > > * https://github.com/Pylons/pyramid/blob/master/src/pyramid/session.py > <https://github.com/Pylons/pyramid/blob/master/src/pyramid/session.py> > * https://github.com/Pylons/webob/blob/master/src/webob/cookies.py > <https://github.com/Pylons/webob/blob/master/src/webob/cookies.py> > > > In terms of Pyramid versions, if you need Python2 support - 1.10 is your only > option. Otherwise, just pay attention to the deprecations on Pyramid2 and > you should be able to transition from 1.10 to 2 very easily if you don't want > to run the pre-release. Michael Merickel is the expert on this, but I think > he and his team have done a great job in planning the 2.0 changes by offering > a lot of "forward compatibility' options in 1.10 to prepare us for switching > to 2.0. I could be wrong, but I think almost every one of the 2.0 changes > can be elected in 1.10. The only difference I know of is the drastic change > to authentication/authorization (which may be worth using the pre-release). > > > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to pylons-discuss+unsubscr...@googlegroups.com > <mailto:pylons-discuss+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/pylons-discuss/b0d9e559-d070-4522-82ef-217af2c63de2o%40googlegroups.com > > <https://groups.google.com/d/msgid/pylons-discuss/b0d9e559-d070-4522-82ef-217af2c63de2o%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/7146D524-E61C-4B70-A78A-505F42059524%40gmail.com.
