pyramid_authsanity is an authentication policy for the Pyramid Web Framework that strives to make it easier to write a secure authentication policy that follows web best practices.
- Uses tickets so that sessions can be ended early. Rather than relying on a cookie expiring on the client, for example, the server keeps the ability to terminate a session on its own side.
- Stops session fixation by automatically clearing the session upon login and logout. The session is also cleared when the new session belongs to a different userid than the previous one.
- Automatically adds the Vary HTTP header if the authentication policy is used.
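The first two points above, server-side tickets and clearing the session on login/logout, shown as a small added example. This is illustrative code written for this page, not pyramid_authsanity's own implementation or API; `TicketStore`, `Session`, and the `login`/`logout`/`authenticated_userid` helpers are hypothetical stand-ins for the library's storage and policy.

```python
import hmac
import secrets


class TicketStore:
    """Server-side record of issued tickets, keyed by userid (hypothetical stand-in)."""

    def __init__(self):
        self._tickets = {}  # userid -> set of currently valid tickets

    def issue(self, userid):
        ticket = secrets.token_urlsafe(32)  # unguessable, generated server side
        self._tickets.setdefault(userid, set()).add(ticket)
        return ticket

    def verify(self, userid, ticket):
        # Constant-time comparison against each stored ticket for this userid.
        return any(hmac.compare_digest(t, ticket) for t in self._tickets.get(userid, ()))

    def revoke(self, userid, ticket=None):
        # ticket=None terminates every session of this userid (e.g. "log out everywhere").
        if ticket is None:
            self._tickets.pop(userid, None)
        else:
            self._tickets.get(userid, set()).discard(ticket)


class Session(dict):
    """Stand-in for a Pyramid session object."""


def login(session, store, userid):
    # Wipe whatever the session held before (anything an attacker may have planted
    # or a previous user's data), so a pre-existing session cannot be fixed onto the login.
    session.clear()
    ticket = store.issue(userid)
    session["userid"], session["ticket"] = userid, ticket
    return ticket


def logout(session, store):
    userid, ticket = session.get("userid"), session.get("ticket")
    if userid is not None and ticket is not None:
        store.revoke(userid, ticket)  # invalidate server side, not just the cookie
    session.clear()


def authenticated_userid(session, store):
    userid, ticket = session.get("userid"), session.get("ticket")
    if userid is None or ticket is None:
        return None
    if not store.verify(userid, ticket):
        session.clear()  # ticket revoked: drop the stale session entirely
        return None
    return userid
```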
Reference material for every public API exposed by pyramid_authsanity:
Narrative documentation that describes how to use this library, with some examples.