pyramid_authsanity
pyramid_authsanity is an authentication policy for the Pyramid Web Framework that strives to make it easier to write a secure authentication policy that follows web best practices.
- Uses tickets to allow sessions to be prematurely ended. Instead of depending on the expiration of a cookie, for example, you have the ability to terminate sessions server side.
- Stops session fixation by automatically clearing the session upon login/logout. Sessions are also cleared if the new session is for a different userid than before.
- Automatically adds the Vary HTTP header if the authentication policy is used.
pyramid_authsanity uses Michael Merickel’s absolutely fantastic pyramid_services to allow an application developer to easily plug in their own sources, and interact with their user database.
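The ticket and session-clearing behaviour listed above, sketched as an added example that is not part of pyramid_authsanity or its documentation. `TicketStore`, `login`, `authenticated_userid` and `logout` are hypothetical names, and the in-memory store stands in for the application's user database.

```python
import hmac
import secrets


class TicketStore:
    """Hypothetical in-memory stand-in for the application's user database."""

    def __init__(self):
        self._tickets = {}  # userid -> set of tickets that are still live

    def add_ticket(self, userid, ticket):
        self._tickets.setdefault(userid, set()).add(ticket)

    def verify_ticket(self, userid, ticket):
        # compare_digest avoids leaking how much of a ticket matched.
        live = self._tickets.get(userid, ())
        return any(hmac.compare_digest(ticket, t) for t in live)

    def remove_ticket(self, userid, ticket):
        self._tickets.get(userid, set()).discard(ticket)

    def remove_all(self, userid):
        # "Log out everywhere": every cookie for this user stops working.
        self._tickets.pop(userid, None)


def login(store, session, userid):
    """Start from an empty session and return the (userid, ticket) cookie value."""
    session.clear()                     # pre-login session data is dropped
    ticket = secrets.token_urlsafe(32)  # unguessable and unique per login
    store.add_ticket(userid, ticket)
    return (userid, ticket)


def authenticated_userid(store, cookie):
    """Accept the cookie only while its ticket is still live server side."""
    if not cookie:
        return None
    userid, ticket = cookie
    return userid if store.verify_ticket(userid, ticket) else None


def logout(store, session, cookie):
    """End one session server side, whatever the cookie's own expiry says."""
    if cookie:
        store.remove_ticket(*cookie)
    session.clear()
```

A cookie replayed after `logout` or `remove_all` fails `verify_ticket`, which is the property the first bullet describes.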
API Documentation
Reference material for every public API exposed by pyramid_authsanity:
Narrative Documentation
Narrative documentation that describes how to use this library, with some examples.