FWIW we've been using 'regular' cookies with content encrypted by http://pythonhosted.org/itsdangerous/ for many projects now. Works like a charm.
Sent from a phone, please excuse the brevity. > On 16.05.2015, at 01:58, Jonathan Vanasco <[email protected]> wrote: > > Sorry a bit confused about the types/locations of data you're talking about. > > Also I checked and pyramid does not have encrypted cookies. Sorry. I thought > I read that someone had released a package; maybe it was a 3rd party plugin. > > Anyways... > > If your session has some sort of abstract 'account identifier' in it, and > that matches up with some sort of database or hardcoded user info, you should > be fine with a signed cookie. > If your session has some sort of 'credentials' in it that the API needs to > work (like a login/password), I would encrypt that payload. I would also > prefer to route it through https if the encryption is not very strong. > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/pylons-discuss. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/d/optout.
