OpenID Libraries should be stateless
Ryan Ernst
ryan at citewire.com
Mon Feb 4 12:03:17 PST 2008
This weekend I started implementing OpenID on my site using the
python-openid library. In doing so I found that the library requires
session state to be kept from consumer.begin() to consumer.complete(). Why
does the library need this session information? And if the library does
really need the information, it should be able to save it as a stateless
string (not a python object which is bound to the server it was created on),
which can be encrypted (does it need to be?) and appended as get parameters
to the return_to uri.
Is there any work being done for this? Would it be trivial or non-trivial?
Thanks
Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openidenabled.com/pipermail/dev/attachments/20080204/b2bb16f4/attachment.htm
More information about the Dev
mailing list