robvdl closed 9 months ago
The session must be a backend session rather than storing data in a client cookie, because credentials will be stored in the session.
Will likely use Redis-based sessions rather than disk-based because Redis sessions can have a TTL and automatically delete inactive sessions.
Also, when comparing to disk-based sessions, that doesn't scale with multi-process or even multiple VMs; Redis sessions don't have that problem.
Also the Redis server can be (and should be) secured by a passphrase.
Done, using pyramid_session_redis==1.6.3
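An added example (not code from this issue or from the project): a startup check over the Pyramid settings dict that flags a Redis session backend with no password or no TTL, the two points raised above. It assumes the `redis.sessions.*` setting names documented for pyramid_session_redis (verify them against the installed version); the cookie-flag checks and the 3600-second ceiling go beyond what the issue states, and all sample values are constructed.

```python
from urllib.parse import urlsplit

PREFIX = "redis.sessions."          # assumed settings prefix (see lead-in)
TRUTHY = {"1", "true", "yes", "on"}


def _text(settings, name):
    """Setting as a stripped string; missing or None becomes ''."""
    return str(settings.get(PREFIX + name) or "").strip()


def audit_session_settings(settings, max_timeout=3600):
    """Return a list of findings; an empty list means every check passed.

    max_timeout is a hypothetical policy ceiling in seconds, not a library value.
    """
    findings = []

    # The Redis password may be given directly or embedded in the URL.
    password = _text(settings, "password")
    url = _text(settings, "url")
    url_password = urlsplit(url).password if url else None
    if password.lower() in ("", "none") and not url_password:
        findings.append("no-redis-password")

    # Inactive sessions should expire, since they hold credentials.
    try:
        timeout = int(_text(settings, "timeout"))
    except ValueError:
        timeout = 0
    if timeout <= 0:
        findings.append("no-session-ttl")
    elif timeout > max_timeout:
        findings.append("session-ttl-too-long")

    # The cookie carries the session id, so it should be HTTPS-only and
    # hidden from page scripts.
    for name in ("cookie_secure", "cookie_httponly"):
        if _text(settings, name).lower() not in TRUTHY:
            findings.append("cookie-flag-off:" + name)
    return findings


# Constructed sample settings, as they would arrive from an .ini file.
WEAK = {"redis.sessions.url": "redis://localhost:6379/0"}
HARDENED = {
    "redis.sessions.url": "redis://:constructed-passphrase@localhost:6379/0",
    "redis.sessions.timeout": "1200",
    "redis.sessions.cookie_secure": "true",
    "redis.sessions.cookie_httponly": "true",
}
```

Calling `audit_session_settings(config.get_settings())` before `config.include("pyramid_session_redis")` and refusing to start on a non-empty result keeps a misconfigured deployment from ever storing credentials.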