I want to store user data in t.w.s.Session to allow a persistent logon. As the login will be made with a PyAmf method call I do not think that t.w.w.Guard will work because it appears to process the login from POST data. It is trivial to store the user data in the session object with Request.getSession, but is this a secure method? Could someone guess the session key and use it to forge credentials? Is there a better way to do this?
The PyAmf examples send the username and password with every method call. I would prefer to use the session because the user can log-on once for multiple windows/tabs. The twisted PB security model seems much more elegant then what is available for twisted.web. Am I missing something???? Thanks in advance and once again thank you for the fantastic work on twisted. Shawn Church I/S Consultant Shawn At SCchurchComputers.com
_______________________________________________ Twisted-web mailing list [email protected] http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
