How do I set up pyramid_beaker for a sessions & login system?

I'm trying to follow the instructions here so I can set up a session/login system. The instructions are confusing me greatly. What exactly is the "default activation setup"? Does that mean there is already a config for the session factory when I call config.include('pyramid_beaker'), so that calling pyramid_beaker.BeakerSessionFactoryConfig() is unnecessary?

What's the easiest way I can get a secure login/permissions system working with pyramid_beaker?

2012-04-04 04:30
by zakdances


Beaker is a library for handling caching and sessions (i.e. non-persistent data). You can hijack a session and use it to store whether a user is logged in (request.session['user_id'] = some_id or via pyramid.authentication.SessionAuthenticationPolicy). Both of these will simply store/track the current userid in a session instead of in some other cookie. Note, however, this has nothing to do with permissions or the workflow you use for handling user credentials and logging them in.

Yes, config.include('pyramid_beaker') will automatically configure the cache regions and session factory for you via your INI settings (those settings are documented in the link you supplied as well as the separate beaker docs).

The easiest way to set up a login/permissions system around this idea is to follow the wiki tutorial in the Pyramid docs. It shows how to log users in from SQLAlchemy using the AuthTktAuthenticationPolicy, which you can easily replace with the SessionAuthenticationPolicy if you deem it necessary.

2012-04-04 04:46
by Michael Merickel
So my understanding is: AuthTktAuthenticationPolicy is Pyramid's built-in way to track the userid, where SessionAuthenticationPolicy is a way for you to use your own custom session (such as beaker) to track userid - zakdances 2012-04-04 05:03
AuthTkt just uses its own cookie to track only the userid of the logged in user. The format of the cookie happens to be standard, allowing other systems to read it for SSO as well. You could also track the userid in a session using the SessionAuthenticationPolicy, but typically sessions are orthogonal to authentication (despite what PHP may have taught you) - Michael Merickel 2012-04-04 15:51
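
Added example, not part of the original thread or of Pyramid's own code: the setup the answer describes, with config.include('pyramid_beaker') building the session factory from settings and SessionAuthenticationPolicy keeping the userid in that session. The settings values, user store, route name, secret-length floor and helper names are assumptions made up for illustration; Pyramid is imported inside the functions so the two checks run without it installed.

```python
import hashlib, hmac

# Constructed values; keys are the INI settings config.include('pyramid_beaker') reads.
SETTINGS = {
    "session.type": "file",
    "session.data_dir": "/tmp/myapp/sessions/data",
    "session.lock_dir": "/tmp/myapp/sessions/lock",
    "session.secret": "PLACEHOLDER-replace-with-random-secret",  # signs the cookie
    "session.secure": "true",    # send the cookie over HTTPS only
    "session.httponly": "true",  # keep the cookie away from page scripts
}
SALT = b"constructed-salt"  # a real store keeps a random salt per user
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"constructed-pw", SALT, 100_000)}

def session_setting_problems(settings):
    """Return the session settings that weaken a login kept in the session."""
    truthy = ("true", "1", "yes", "on")
    bad = [k for k in ("session.secure", "session.httponly")
           if str(settings.get(k, "")).lower() not in truthy]
    if len(settings.get("session.secret", "")) < 16:  # length floor is an assumption
        bad.append("session.secret")
    return bad

def check_password(userid, password):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(digest, USERS.get(userid, b""))

def login(request):
    from pyramid.httpexceptions import HTTPForbidden, HTTPFound
    from pyramid.security import remember
    userid = request.POST.get("login", "")
    if not check_password(userid, request.POST.get("password", "")):
        return HTTPForbidden()
    request.session.invalidate()  # fresh session id at login (anti-fixation)
    return HTTPFound(location="/", headers=remember(request, userid))

def make_app(settings=SETTINGS):
    from pyramid.authentication import SessionAuthenticationPolicy
    from pyramid.authorization import ACLAuthorizationPolicy
    from pyramid.config import Configurator
    if session_setting_problems(settings):
        raise ValueError(session_setting_problems(settings))
    config = Configurator(settings=settings)
    config.include("pyramid_beaker")  # builds the session factory from settings
    config.set_authentication_policy(SessionAuthenticationPolicy())
    config.set_authorization_policy(ACLAuthorizationPolicy())
    config.add_route("login", "/login")
    config.add_view(login, route_name="login", request_method="POST")
    return config.make_wsgi_app()
```

In an INI-driven project the same keys go under [app:main] and make_app() becomes the main(global_config, **settings) entry point.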