Reputation: 4865
Advantages of pyramid_beaker over native pyramid session management
What are the advantages of using pyramid_beaker instead of just using something like AuthTktAuthenticationPolicy for session authentication?
Upvotes: 2
Views: 839
Answers (1)
Reputation: 1123410
AuthTktAuthenticationPolicy only issues encrypted authentication cookies, and are not, in a technical sense, tied to sessions. You can only use this to identify, securely, that a user is still the same entity that logged in during an earlier HTTP connection. The cookie contains all the information needed to re-identify the user on every HTTP request. AuthTktAuthenticationPolicy cookies are compatible with the mod_auth_tkt Apache module.
A pyramid_beaker session on the other hand, uses a cookie to tie a returning browser connection to some persistent server-side information. Using such a session allows your application to associate arbitrary data with a website visitor, that is not stored in the browser.
See Webserver Session management on Wikipedia
Upvotes: 5
Related Questions
- Using pyramid authentication with pyramid
- Authentication in pyramid
- Can Pyramid's Built-in Authentication/Authorization Implement Complex Security Schemes?
- Using beaker sessions for checking if user is authenticated in Pyramid
- How do I setup pyramid_beaker for a sessions & login system?
- In Pyramid Framework what is the difference between default Unencrypted Session Factory and setting cookies manually?
- Pyramid beaker accessing Sessions that have been created
- Is pyramid_who (repoze.who) the preferred way to do authentication for pyramid?
- How flexible is Pyramids auth system?
- Pyramid_beaker: session.type = cookie is not secure?