
Is HTTP digest authentication a secure alternative to sessions in my CherryPy application?


I have a CherryPy application that is stateless but requires authentication. Rather than implementing sessions within my application solely to support authentication, I'm wondering whether I can safely use the HTTP digest authentication recently added to CherryPy?

The application makes use of regular HTML GETs as well as AJAX GETs, PUTs, and POSTs returning both HTML and JSON.

Separately, when the system goes live I expect that it will use HTTPS to encrypt the traffic, but I'll still need to know who the user is.


Solution

  • So far, HTTP digest authentication seems to be working well in my application. It was dead easy to implement with CherryPy 3.2.
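As an added example (my own code, not the poster's or CherryPy's), here is the RFC 2617 digest check in plain Python, showing why this works without sessions: the server keeps only HA1 per user and signs its nonces with a secret key, the same shape as CherryPy 3.2's built-in `tools.auth_digest` tool, which then exposes the authenticated name in `cherrypy.request.login`. The realm, server key, user, password and nonce values below are constructed for the demo.

```python
import hashlib
import hmac
import time

REALM = "example-app"                    # constructed realm name
SERVER_KEY = b"constructed-secret-key"   # hypothetical secret used to sign nonces


def ha1(username, password, realm=REALM):
    """RFC 2617 HA1 = MD5(user:realm:password); this is all the server stores."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()


def make_nonce(now=None):
    """Stateless nonce: a timestamp plus an HMAC tag, so no nonce table is kept."""
    ts = str(int(now if now is not None else time.time()))
    tag = hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{ts}:{tag}"


def nonce_is_valid(nonce, max_age=300, now=None):
    """Accept a nonce only if its tag verifies and it is not older than max_age."""
    ts, _, tag = nonce.partition(":")
    if not ts.isdigit():
        return False
    expected = hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()[:32]
    if not hmac.compare_digest(tag, expected):
        return False
    current = int(now if now is not None else time.time())
    return 0 <= current - int(ts) <= max_age


def digest_response(h1, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client-side response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()


def verify(auth, ha1_by_user, method, now=None):
    """Server check of a parsed Authorization header; returns the username or None."""
    h1 = ha1_by_user.get(auth["username"])
    if h1 is None or not nonce_is_valid(auth["nonce"], now=now):
        return None
    expected = digest_response(h1, method, auth["uri"], auth["nonce"],
                               auth["nc"], auth["cnonce"], auth["qop"])
    return auth["username"] if hmac.compare_digest(expected, auth["response"]) else None
```

This stateless check does not track the `nc` counter, so a captured response could be replayed within the nonce lifetime, and HA1 is password-equivalent for the realm; the planned HTTPS and careful storage of the HA1 table are what address both.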