Python Web Applications: What is the way and the method to handle Registrations, Login-Logouts and Cookies? [on hold]

Posted by Phil on Programmers See other posts from Programmers or by Phil
Published on 2013-10-29T13:21:46Z Indexed on 2013/10/29 16:11 UTC
Read the original article Hit count: 258

I am working on a simple Python web application for learning purposes. I have chosen a very minimalistic and simple framework. I have done a significant amount of research but I couldn't find a source clearly explaining what I need, which is as follows:

I would like to learn more about:

  • User registration
  • User Log-ins
  • User Log-outs
  • User auto-logins

I have successfully handled items 1 and 3 due to their simple nature.

However, I am confused with item 2 (log-ins) and item 4 (auto-logins).

When a user enters username and password, and after hashing with salts and matching it in the DB;

  • What information should I store in the cookies in order to keep the user logged in during the session?
  • Do I keep username+password but encrypt them? Both or just password?
  • Do I keep username and a generated key matching their password?
  • If I want the user to be able to auto-login (when they leave and come back to the web page), what information then is kept in the cookies?

I don't want to use modules or libraries that handle these things automatically. I want to learn basics and why something is the way it is.

I would also like to point out that I do not mind reading anything you might offer on the topic that explains hows and whys. Possibly with algorithm diagrams to show the process.

Some information:

I know about setting headers, cookies, encryption (up to some level, obviously not an expert!), request objects, SQLAlchemy etc. I don't want any data kept in a single web application server's store. I want multiple app-servers to be handle a user, and whatever needs to be kept on the server to be done with a Postgres/MySQL via SQLAlchemy (I think, this is called stateless?) Thank you.

© Programmers or respective owner

Related posts about python

Related posts about security