vdbergh

Results 434 comments of vdbergh

This makes one think about a more general cookie mechanism for the worker.

Does your system set state on the server? I mean, how does the server know that the token is correct? As I explained above, I have the impression that pyramid...

You can do it without changing server state in the way I explained. I have the impression that this is how pyramid does it under the hood. Note that if...

> Please note that a session based authentication by design does not want to survive a server restart, sessions mean that we can expire the session and easily generate a...

Here is an explanation of pyramid authentication: https://stackoverflow.com/questions/12765349/pyramid-authtktauthenticationpolicy-secret-parameter

Why does the server need to save it? It can just return it (or regenerate it).

That views would not survive a server restart would be rather inconvenient. It would mean that each time the server is restarted the user needs to log in again.

Anyway you have not explained what is wrong with the scheme I proposed (which I think is what pyramid uses) and which does not require changing any server state (so...

I understand your solution perfectly (just have a data structure on the server with user/token/timestamp). Here is the stateless solution (I will simplify it as much as I can, e.g....

@ppigazzini Thanks! So this is consistent with my theory that the token is computed rather than randomly generated. Did you preserve ~/fishtest.secret while reinstalling the server?