Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread Scott Lawton
Thanks so much! > For this type of data, at a minimum, calls to request.response.set_cookie should contain `httponly=True` and `secure=True`; the app should also be under https only. If I understand how your system uses these credentials correctly, `samesite=strict` should also be added. Makes

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread tonthon
pyramid_beaker is, as far as I know, only Python based (stores sessions on disk) https://pypi.org/project/pyramid_beaker/ We have used it extensively for years now without any trouble. On 30/11/2023 at 13:14, Scott Lawton wrote: Thanks so much! > For this type of data, at a minimum, calls to request.re

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread Mike Orr
A second for 'pyramid_beaker'. It doesn't get much attention nowadays but Beaker still works and is getting updates. It has backends to store sessions in files, Redis, SQLAlchemy, cookie-only, and others. I have two production applications on it. One because one developer's workstation doesn't have

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread tonthon
The following line can be added to a cron task to clean up old sessions: find //beaker/sessions/ -type f -mtime +3 -print -exec rm {} \; > /dev/null 2>&1 On 30/11/2023 at 17:31, Mike Orr wrote: A second for 'pyramid_beaker'. It doesn't get much attention nowadays but Beaker still works and

Re: [pylons-discuss] Display query and result on the same page

2023-11-30 Thread Oberdan Santos
Hi Mike. I tried many things, including beyond your tip, but I can't make any progress. I think it's something simple. Attached is my last attempt. If you can help I would appreciate it. On Thursday, November 23, 2023 at 18:26:37 UTC-3, Mike Orr wrote: > On Thu, Nov 23, 2023 at 11:

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread Scott Lawton
Thanks for the link and the 'second' that it's still a practical solution; I was a bit hesitant given that it's 10 years old: 0.8 (2013-06-28). Looks like there are enough docs available for us to proceed. Still, if anyone knows of a sample app that includes that + oauth, would be great to see.

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread Jonathan Vanasco
> Any suggestions for 1-3 simple examples? Ideally with only Python dependencies -- I'd rather not add Redis, MongoDB etc. since we already have Supabase. Aside from beaker, no. I maintain `pyramid_session_redis` and - as long as you disable redis administration - it is relatively insignifican

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread Delta Regeer
Use https://docs.pylonsproject.org/projects/pyramid-nacl-session/en/latest/usage.html It encrypts the session that is stored in the cookie with NACL. No longer is the content of the cookie something that an attacker can read/do anything with. > On Nov 28, 2023, at 12:12, Scott Lawton wrote: >

Re: [pylons-discuss] feedback on Supabase auth sample app for Pyramid

2023-11-30 Thread Jonathan Vanasco
Wow. This looks great. I wish I knew about it sooner. Digging into the code, there was a PR to split things out and support JSON serialization – however there are no unit tests covering this or docs for it. @Delta do you know of any public examples of this usage? If so I'd be happy to play ar