websauna.system.auth.policy module

class websauna.system.auth.policy.SessionAuthenticationPolicy(prefix='auth.', callback=None, debug=False)[source]

Bases: pyramid.authentication.SessionAuthenticationPolicy

Session authentication policy which makes sure all responses get vary: Cookie.

Originally from https://github.com/pypa/warehouse/blob/master/warehouse/accounts/auth_policy.py

authenticated_at_key = 'authenticated_at'

Session has this key set to the timestamp when the user authentication happened. The key is removed when the user logs out.


User logs out or is forced to be forgotten.

remember(request, userid, **kw)[source]

Store a userid in the session.

unauthenticated_at_key = 'unauthenticated_at'

This is the timestamp when this session logged out last time


What is the user id for unauthenticated users.