Relative newbie here, so bear with me... I have a few questions about these concepts in general, as well as specific questions about existing (or developing) implementations. Here goes:
1. I've read somewhere that login control and ACL control should be separated. Is that correct, and if so, why?
2. Are there settled design (patterns) for implementing login functionality? If so, suggestions for resources to look at? (Perhaps more generally, what is the general state of the art?)
2. Are there settled design (patterns) for implementing ACL functionality? If so, suggestions for resources to look at? (Perhaps more generally, what is the general state of the art?)
3. I assume I should use sessions from CherryPy to handle login, but I'd like a little more fine-grained control over the cookie (specifically, I'd like to end a session after XX minutes of inactivity and pop up a warning right before the expiration to allow the user to refresh the session). Any suggestions (I'm not all that adept with CherryPy yet, so perhaps I'm missing something)?
4. Is there a general framework(s) for ACL in TurboGears, and if so, where?

