[Zope-PAS] [RFC] Extending CookieAuthHelper
Lennart Regebro
regebro at nuxeo.com
Fri Nov 12 11:20:40 EST 2004
Jens Vagelpohl wrote:
> Looking at this a little more a few questions come to mind. First of
> all, would it be considered a "normal" use case that someone would want
> to have both the CookieAuthHelper and the SessionAuthHelper plugins
> running at the same time? I'm thinking they both could be replaced by a
> single plugin.
Since the Sessions relly on cookies anyway, I can't see any reason why
you would need both at one time. I think the only reason to separate
them is clarity. It seems simpler to start using session by using a
session plugin.
On the other hand, a choice between "store credentials in cookie" and
"store credentials in session" is pretty clear too, +0.5 to your merging
ideas, because at least the challenge code is the same, but currently -1
on having some sort of credential storage plugin... Because then, can't
you just have separate extraction plugins from the start? It would be
the same... or?
--
Lennart Regebro, Nuxeo http://www.nuxeo.com/
CPS Content Management http://www.cps-project.org/
More information about the Zope-PAS
mailing list