It sounds like you are not using the
`pyramid.security.remember(request, userid)` API to store the user in
the session. If you would like to store the userid directly you may but
you are circumventing the pyramid authentication APIs. As far as the
authenticated_userid, this will invoke your callback, but only if a
userid is found in the session in the first place (otherwise no one is
logged in and it short-circuits). unauthenticated_userid will return
the id directly found in the session and is mainly there as a hop
between the raw session and your callback.

On Tue, Aug 5, 2014 at 11:34 PM, Karl O. Pinc <k...@meme.com> wrote:
> Hi,
>
> I'm using pyramid 1.5.1 and in trying to figure
> out SessionAuthenticationPolicy I found problems.
> I looked at HEAD (I think) on github and problems
> seem to exist there too.
>
> unauthenticated_userid is not documented.
>
>
> The callback function is never called.  The
> debug output is:
>
> 2014-08-06 02:59:43,213 DEBUG [testlogin][Dummy-3]
> pyramid.authentication.SessionAuthenticationPolicy.effective_principals:
> unauthenticated_userid returned None; returning ['system.Everyone']
>
> The problem is that SessionAuthenticationPolicy
> is counting on having a "prefix + 'userid'"
> session key in request.session.  However there's
> no documentation on this and so the key does not exist.
>
> One possible approach is to supply an identity
> keyword argument in a fashion similar to that
> in ReposeWho1AuthenticationPolicy so the
> user knows what key is supposed to exist.
> (This seems heavy-handed.)
>
> I'm not really thinking things through at
> the moment but it seems to me that there
> needs to be some sort of documentation,
> if not an interface, for setting the value
> behind
> SessionAuthenticationPolicy.(un)authenticated_userid.
> Or something.
>
> As it is SessionAuthenticationPolicy is
> impossible to use without snooping through
> the source.
>
> Sorry to run-on.  I've been working at
> this for a while and my brain is full.
>
> Meanwhile, if I simply set
> request.session[prefix + 'userid']
> in my app will I be reasonably
> future-proof?  (I've not actually tried this
> to see if it works.)
>
> Thanks.
>
> Karl <k...@meme.com>
> Free Software:  "You don't pay back, you pay forward."
>                  -- Robert A. Heinlein
>
> --
> You received this message because you are subscribed to the Google Groups 
> "pylons-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to pylons-devel+unsubscr...@googlegroups.com.
> To post to this group, send email to pylons-devel@googlegroups.com.
> Visit this group at http://groups.google.com/group/pylons-devel.
> For more options, visit https://groups.google.com/d/optout.
