# HG changeset patch
# User Thierry Florac <thierry.florac@onf.fr>
# Date 1507274298 -7200
# Node ID ec047632ceb51d2e08007ce2c393eae539138fd9
# Parent  db91044a173e5582f5822080f6b2ddfed3496956
Updated authentication policy

diff -r db91044a173e -r ec047632ceb5 {{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py
--- a/{{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py	Wed Jul 12 12:00:40 2017 +0200
+++ b/{{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py	Fri Oct 06 09:18:18 2017 +0200
@@ -16,6 +16,7 @@
 
 # import packages
 from pyams_security.utility import PyAMSAuthenticationPolicy
+from pyams_utils.request import PyAMSRequest
 from pyams_utils.site import site_factory
 from pyramid.authorization import ACLAuthorizationPolicy
 from pyramid.config import Configurator
@@ -27,9 +28,14 @@
     """
     registry = getGlobalSiteManager()
     config = Configurator(registry=registry)
-    config.setup_registry(root_factory=site_factory, settings=settings)
+    config.setup_registry(root_factory=site_factory,
+                          request_factory=PyAMSRequest,
+                          settings=settings)
 
     authn_policy = PyAMSAuthenticationPolicy(secret='PyAMS 0.1.0',
+                                             http_only=True,
+                                             secure=True,  # remove in development environment
+                                                           # if you don't use HTTPS
                                              credentials=('http',))
     config.set_authentication_policy(authn_policy)
     config.set_authorization_policy(ACLAuthorizationPolicy())