[Web-SIG] Logging the authenticated user (was Re: Bowing out)

James Y Knight foom at fuhm.net
Tue Feb 7 22:29:01 CET 2006

On Feb 7, 2006, at 12:28 PM, Phillip J. Eby wrote:
> * Add an optional 'wsgi.response_filtering' key to the spec.  If  
> its value
> is present and true, the server promises to prevent 'X-Internal-*'  
> headers
> from being transmitted.
> * Add an optional 'X-Internal-WSGI-Authenticated-User' header to  
> the spec,
> that indicates the authenticated user name.  This should only be  
> inserted
> into the response headers if 'wsgi.response_filtering' is in effect.
> * Require that any user-defined X-Internal headers include a  
> product name,
> e.g. 'X-Internal-Zope-Foo', to avoid conflict with WSGI-defined or  
> other
> products' user-defined headers.
> This would all be placed under a new section entitled "Internal  
> Response
> Headers" and defined as an optional extension.

I like it.


More information about the Web-SIG mailing list