Repoze.what and Max-Age
Justin
configure the expiration time for my site cookies as well as add a
remember me button to the login view. I can not seem to find any
documentation on where to configure these options though, when using
the quickstart option.
Anyhelp would be much appreciated.
Gustavo Narea
It seems like you're configuring repoze.what and repoze.who via repoze.what-
quickstart [1].
That package configures authentication (i.e., repoze.who) so that the cookies
are handled by the AuthTktCookiePlugin [2], but that repoze.who identifier
plugin doesn't allow specifying that (yet).
So there are two options:
1.- Request this feature on <http://bugs.repoze.org/>. Chances are if you
provide a patch, it'll get a applied and a new release will be done very soon.
Then I'll update repoze.what-quickstart so you can pass this argument to
AuthTktCookiePlugin.
2.- You use your own AuthTktCookiePlugin-based identifier. But then you will
have to configure repoze.who/what manually, without repoze.what-quickstart.
I would go for option 1.
HTH,
- Gustavo.
[1] http://code.gustavonarea.net/repoze.what-quickstart/
[2]
http://static.repoze.org/whodocs/narr.html#repoze.who.plugins.auth_tkt.AuthTktCookiePlugin
--
Gustavo Narea <xri://=Gustavo>.
| Tech blog: =Gustavo/(+blog)/tech ~ About me: =Gustavo/about |
Audrius Kažukauskas
> Hello, Justin.
>
> It seems like you're configuring repoze.what and repoze.who via
> repoze.what- quickstart [1].
>
> That package configures authentication (i.e., repoze.who) so that the
> cookies are handled by the AuthTktCookiePlugin [2], but that
> repoze.who identifier plugin doesn't allow specifying that (yet).
I'm not sure if OP needs login session expiration, but if he does,
AuthTktCookiePlugin in latest repoze.who already supports that giving
timeout and reissue_timeout arguments to its constructor method or
make_plugin factory function. It looks like AuthTktCookiePlugin docs
are not up to date on the website ("Last updated on Jan 23, 2009."),
also there's no way to set these arguments via repoze.what-quickstart.
I think quite a few people would find that handy, although there's
always a way to bypass quickstart and configure repoze.what by yourself
(quickstart code could be used as example, it's not hard to understand).
As for "remember me" functionality, OP is left to implement it himself
or wait for someone to do that for him.
> So there are two options:
> 1.- Request this feature on <http://bugs.repoze.org/>. Chances are if
> you provide a patch, it'll get a applied and a new release will be
> done very soon. Then I'll update repoze.what-quickstart so you can
> pass this argument to AuthTktCookiePlugin.
> 2.- You use your own AuthTktCookiePlugin-based identifier. But then
> you will have to configure repoze.who/what manually, without
> repoze.what-quickstart.
>
> I would go for option 1.
--
Audrius Kažukauskas
Gustavo Narea
I wasn't aware of those arguments, so I've just released repoze.what-
quickstart so people can customize the Max-Age both with Python code and .ini
files:
http://code.gustavonarea.net/repoze.what-quickstart/News.html
Cheers!
- Gustavo.
Audrius Kažukauskas
> Thanks for the tip, Audrius!
>
> I wasn't aware of those arguments, so I've just released repoze.what-
> quickstart so people can customize the Max-Age both with Python code and .ini
> files:
> http://code.gustavonarea.net/repoze.what-quickstart/News.html
Cool! Thanks for addition.
--
Audrius Kažukauskas