Ian Bicking: the old part of his blog

Little apps instead of little frameworks comment 000

The cookie would be signed and checked for with WSGI middleware or some other intermediary (like mod_auth_tkt). How you get the cookie is not embedded into the application, and there is a CGI convention for where the unpacked cookie goes (REMOTE_USER); or it could be HTTP auth or whatever. All your app needs to know is to trust REMOTE_USER.

Comment on Re: Little Apps Instead of Little Frameworks
by Ian Bicking