diff options
| author | Chris McDonough <chrism@agendaless.com> | 2009-10-23 20:02:14 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2009-10-23 20:02:14 +0000 |
| commit | 839ea015f9bc8c8096107e700a42bb872e9dc0c8 (patch) | |
| tree | b93b7a9ae7fc3842f633c254740a5ce7f6208e53 /docs/api | |
| parent | 9cb00f863f0c23f00f232b495c6829a9adda8432 (diff) | |
| download | pyramid-839ea015f9bc8c8096107e700a42bb872e9dc0c8.tar.gz pyramid-839ea015f9bc8c8096107e700a42bb872e9dc0c8.tar.bz2 pyramid-839ea015f9bc8c8096107e700a42bb872e9dc0c8.zip | |
- Added ``max_age`` parameter to ``authtktauthenticationpolicy`` ZCML
directive. If this value is set, it must be an integer representing
the number of seconds which the auth tkt cookie will survive.
Mainly, its existence allows the auth_tkt cookie to survive across
browser sessions.
- The ``reissue_time`` argument to the ``authtktauthenticationpolicy``
ZCML directive now actually works. When it is set to an integer
value, an authticket set-cookie header is appended to the response
whenever a request requires authentication and 'now' minus the
authticket's timestamp is greater than ``reissue_time`` seconds.
- The router now checks for a ``global_response_headers`` attribute of
the request object before returning a response. If this value
exists, it is presumed to be a sequence of two-tuples, representing
a set of headers to append to the 'normal' response headers. This
feature is internal, rather than exposed internally, because it's
unclear whether it will stay around in the long term. It was added
to support the ``reissue_time`` feature of the authtkt
authentication policy.
- The ``authtkt`` authentication policy ``remember`` method now no
longer honors ``token`` or ``userdata`` keyword arguments.
Diffstat (limited to 'docs/api')
0 files changed, 0 insertions, 0 deletions