Python Web Applications: What is the way and the method to handle Registrations, Login-Logouts and Cookies? [on hold]
Posted by Phil on Programmers
Published on 2013-10-29T13:21:46Z
Indexed on 2013/10/29 16:11 UTC
I am working on a simple Python web application for learning purposes. I have chosen a very minimalistic and simple framework. I have done a significant amount of research but I couldn't find a source clearly explaining what I need, which is as follows:
I would like to learn more about:
1. User registration
2. User log-ins
3. User log-outs
4. User auto-logins
I have successfully handled items 1 and 3 due to their simple nature.
However, I am confused with item 2 (log-ins) and item 4 (auto-logins).
When a user enters a username and password, and after hashing with salts and matching it in the DB:
- What information should I store in the cookies in order to keep the user logged in during the session?
- Do I keep username+password but encrypt them? Both or just password?
- Do I keep username and a generated key matching their password?
- If I want the user to be able to auto-login (when they leave and come back to the web page), what information then is kept in the cookies?
I don't want to use modules or libraries that handle these things automatically. I want to learn basics and why something is the way it is.
I would also like to point out that I do not mind reading anything you might offer on the topic that explains the hows and whys, possibly with algorithm diagrams to show the process.
Some information:
I know about setting headers, cookies, encryption (up to some level, obviously not an expert!), request objects, SQLAlchemy etc. I don't want any data kept in a single web application server's store. I want multiple app-servers to be able to handle a user, and whatever needs to be kept on the server to be done with Postgres/MySQL via SQLAlchemy (I think this is called stateless?). Thank you.
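One common design for the log-in and auto-login cases asked about above, as an added example that is not part of the original post: the cookie carries only an opaque random token, and the shared database holds the token's hash, the user id and an expiry, so neither the username nor the password ever goes into the cookie. Assumptions: `sqlite3` stands in for the shared Postgres/MySQL store, and the function names, the `sid` cookie name and both lifetimes are hypothetical.

```python
import hashlib
import secrets
import sqlite3
import time

SESSION_TTL = 30 * 60           # assumed lifetime of a normal log-in, in seconds
REMEMBER_TTL = 30 * 24 * 3600   # assumed lifetime of an auto-login, in seconds

def open_store(path=":memory:"):
    """sqlite3 stands in here for the shared Postgres/MySQL database."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sessions ("
               "token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, "
               "expires_at REAL NOT NULL)")
    return db

def token_digest(token):
    # Only the hash is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def create_session(db, user_id, remember=False, now=None):
    """Call after the password check succeeds; returns (token, Set-Cookie value)."""
    now = time.time() if now is None else now
    ttl = REMEMBER_TTL if remember else SESSION_TTL
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (token_digest(token), user_id, now + ttl))
    db.commit()
    cookie = f"sid={token}; Path=/; HttpOnly; Secure; SameSite=Lax"
    if remember:                        # persistent cookie gives the auto-login
        cookie += f"; Max-Age={ttl}"
    return token, cookie

def lookup_session(db, token, now=None):
    """Any app server can run this on each request; returns user_id or None."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT user_id, expires_at FROM sessions WHERE token_hash = ?",
        (token_digest(token),)).fetchone()
    if row is None or row[1] <= now:    # unknown token or expired session
        return None
    return row[0]

def destroy_session(db, token):
    """Log-out: delete the row so the cookie value becomes worthless."""
    db.execute("DELETE FROM sessions WHERE token_hash = ?", (token_digest(token),))
    db.commit()
```

Because expiry is enforced from the database row rather than from the cookie's own attributes, a client that edits or keeps the cookie past its lifetime still gets `None` from `lookup_session`.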