I have a Pyramid application using Beaker Encrypted cookie sessions. I can log a user in using a RequestWithUserAttribute, pyramid.security.authenticated_userid(), remember() and forget() just fine.

However, the majority of users will never log in, and there is a specific value I'd like to save in a cookie (encrypted if at all possible) that the user has given the site (their location, or any string for that matter).

I cannot discover how to set more than the principal for a session using the remember() function, and I'd prefer not to send my own Set-Cookie headers, let alone deal with the encryption of the data myself.

I have found that you can pass keyword arguments to remember():

```python
remember(request, principal, **kw)
```

But when I try to send any extra values I continuously run into an error.

Ideally I would expect something like this:

```python
remember(request, 'public', {'location':request.params.get('location')})
```

Is this even the correct route?

1 Answer

Sessions and Authentication in Pyramid (and in general) are disjoint concepts. There are a lot of people who learn the way to store the authenticated user "is in a session", but in no way is this a requirement. The point of a session is to store arbitrary data for a visitor to your site across requests. That could be the fact that they are logged in or it could be your random strings.

The point is you can store random stuff in the session. It is available in Pyramid (after you've set up the session_factory on the Configurator) directly on the request object via request.session.

```python
request.session['mykey'] = 'some random value'
```

This does not require you to use authentication, remember/forget, or anything other than a session factory.

https://docs.pylonsproject.org/projects/pyramid/en/1.2-branch/narr/sessions.html

Michael Merickel
  • The request only lasts as long as the browser is open, though. I have set my config values of `session.auto = True` and `session.timeout = 129600`. A cookie is absolutely being saved as users can remain logged in across browser sessions, but I cannot seem to get any other values to reload. – billymcclure Oct 05 '11 at 17:41
  • You haven't told me which authentication policy you're using. As I said auth != sessions. It sounds like you're using a different auth policy that stores a cookie and you do not have sessions properly configured as per the beaker documentation. – Michael Merickel Oct 05 '11 at 17:55
  • Broken link was edited, but the OP reverted the change for no reason. In case it is reverted again, the working link is: https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html – Efren Feb 07 '18 at 02:08
  • I reverted it because I intentionally version my links so that they reflect the answer at the time it was answered. The user can then see if the docs have changed since then. Updating to a link that changes over time can easily drift away from being helpful for this answer. If you wanted to update the link to the 1.9-branch after checking that it's still useful then fine but converting from a permanent link to a non-permanent one is not wise. – Michael Merickel Feb 27 '18 at 19:31
  • If you look carefully, the original answer did not have a version in the link, it was simply broken. Non-permanent broken links are not useful. – Efren Feb 28 '18 at 00:39