[Zope3-Users] Re: Does zope cache authentication?
Philipp von Weitershausen
philipp at weitershausen.de
Sat Sep 22 13:16:35 EDT 2007
Jodok Batlogg wrote:
>> I have written a custom authenticator in my application to
>> authenticate a login against a PostgreSQL database. In the site I have
>> configured a PAU with a session credentials plugin and my custom
>> authenticator plugin.
>>
>> I found out that with configuration, EVERY browser request is
>> triggering my custom authenticator, which means a query of the
>> database. I'd rather expect only the first login will send a database
>> request, and before one logs out, subsequent requests will no longer
>> be authenticated.
>
> exactly, that's the default behavior. and it needs to be that way.
> in case the credentials are beeing changed or privileges are beeing
> revoked there are several use cases where you can't cache.
>
>> Does the PAU have a mechanism to cache the authentication before the
>> user is logged out? Otherwise the authentication would be a highly
>> inefficient process.
>
> you need to implement caching on your own...
> just do something like:
>
> from zope.app.cache.ram import RAMCache
> authCache = RAMCache()
>
> key = {'user': credentials['login'].encode('utf-8'), 'pass':
> credentials['password'].encode('utf-8')}
> result = authCache.query(self, key=key)
> if result is None:
> # perform database lookup
> authCache.set(result, self, key=key)
> return result
What's with the encoding to utf-8? Coudln't you simply use unicode?
Note that you can also use sessions.
--
http://worldcookery.com -- Professional Zope documentation and training
More information about the Zope3-users
mailing list