[Zope-PAS] [RFC] Extending CookieAuthHelper
Jens Vagelpohl
jens at dataflake.org
Thu Nov 11 04:11:42 EST 2004
Hi guys,

In the course of customer work I would like to either extend the
CookieAuthHelper with some useful functionality or, if that's
preferred, add a separate Cookie-Auth plugin based on the
CookieAuthHelper that has a slightly different behavior.

In a nutshell, credentials should not be stored in the cookie itself.
The proposed changes involve storing a simple key, or "ticket", in the
cookie and storing the credentials in the user's session under that
ticket key.

Also, the lifespan of the cookie should be configurable on the plugin
and there should be a "logout" method that can be called from user
space/untrusted code to effect cookie expiration.

Like I said, this could be done by extending the CookieAuthHelper or by
basing a new plugin on it. What are people's preferences or
suggestions?

jens
---------------
Jens Vagelpohl jens at zetwork.com
Software Engineer +49-(0)441-36 18 14 38
Zetwork GmbH http://www.zetwork.com/
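
The scheme proposed in the message above, sketched as an added example (not code from the post, from CookieAuthHelper or from PAS): the cookie carries only a random ticket, the credentials stay in a server-side store, the lifetime is configurable, and logout expires the cookie. The names `TicketAuth`, `COOKIE_NAME` and the in-memory dict standing in for the Zope session are assumptions.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "__ticket"  # hypothetical cookie name


class TicketAuth:
    """Ticket-in-cookie sketch; class and method names are hypothetical."""

    def __init__(self, lifetime_seconds=1200, clock=time.time):
        self.lifetime = lifetime_seconds  # configurable cookie lifespan
        self._clock = clock               # injectable so expiry is testable
        self._sessions = {}               # stand-in for the session store

    def _cookie(self, value, max_age):
        jar = SimpleCookie()
        jar[COOKIE_NAME] = value
        for key, val in (("path", "/"), ("max-age", max_age),
                         ("httponly", True), ("secure", True)):
            jar[COOKIE_NAME][key] = val
        return jar[COOKIE_NAME].OutputString()

    def _ticket_from(self, cookie_header):
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(COOKIE_NAME)
        return morsel.value if morsel is not None else None

    def login(self, login, password):
        """Keep credentials server-side; return (ticket, Set-Cookie value)."""
        ticket = secrets.token_urlsafe(32)  # random, encodes no credential data
        self._sessions[ticket] = (login, password, self._clock() + self.lifetime)
        return ticket, self._cookie(ticket, self.lifetime)

    def extract_credentials(self, cookie_header):
        """Resolve the request's ticket to credentials, or None."""
        ticket = self._ticket_from(cookie_header)
        entry = self._sessions.get(ticket)
        if entry is None:
            return None                  # unknown or forged ticket
        if self._clock() >= entry[2]:    # enforce the lifetime server-side too
            del self._sessions[ticket]
            return None
        return {"login": entry[0], "password": entry[1]}

    def logout(self, cookie_header):
        """Drop the session entry and return a cookie that expires the ticket."""
        self._sessions.pop(self._ticket_from(cookie_header), None)
        return self._cookie("deleted", 0)
```

Removing the server-side entry on logout matters as much as expiring the cookie: a copied ticket stops resolving even if the browser never honours the expiry.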