What a dogpile

[dbv]

Just came across dogpile.cache https://bitbucket.org/zzzeek/dogpile.cache which is the replacement for beaker written by the same author who provides the re-write rationale at http://techspot.zzzeek.org/2011/10/01/thoughts-on-beaker/.  It appears that Http sessions ie. cookies are not supported in dogpile but could be wrong.  Either way, beaker is not being worked on further. Thoughts?  

[dbv]

Got a message from one of the Beaker co-authors who said "there's no plans for an encrypted cookie lib within the dogpile.* project. I'd like Ben (the other co-author) or someone to re-package Beaker's encrypted cookie as its own thing."

It appears that the authors were not happy with the sessions management component of Beaker and so re-wrote it as dogpile.  They didn't have any problem with the Beaker encrypted cookie component but say it doesn't belong with dogpile and should be a separate library.

[Federico Ceratto]

On Wed, Dec 19, 2012 at 11:04 AM, dbv <dinesh...@hotmail.com> wrote:

> It appears that the authors were not happy with the sessions management
> component of Beaker and so re-wrote it as dogpile. They didn't have any
> problem with the Beaker encrypted cookie component but say it doesn't belong
> with dogpile and should be a separate library.

Hi Dinesh and thanks for the links. I got the same impression reading
dogpile's blogs a documentation.
It looks like a nice project, but it's not as mature as Beaker at the moment.

Due to the security implications of using encrypted cookies, doing
password hashing and so on, I try to stick to the most well-tested
libraries I can find.
Speaking of which, I'm planning to add support for bcrypt/scrypt.

I'll keep an eye on dogpile anyways.

Bye,
--
Federico

[dbv]

Sounds good.

I'm still not clear what the role of a beaker session is when dealing with encrypted cookies.