Jorey Bump
list at joreybump.com
Wed Oct 27 16:04:34 EDT 2004
Lukas Trejtnar wrote:
> I'm trying to implement session management together with an
> authentication procedure.
>
> I have a folder which contains PSP (my_pages). When a user accesses
> my_pages for the first time, an authentication dialogue box is
> invoked, the user is authenticated and a new session is created (with timeout
> 300s). The user happily browses my_pages.
>
> Now, if s/he is inactive for more than 300s and starts browsing again,
> a new session is created. It's fine, but I would like to force the
> authentication dialogue box to appear again before a session is created.
>
> How can I do that? Here is my code:
> def authenhandler(req):
>
>     req.session = Session.Session(req, timeout=300)
>
>     passwd = req.get_basic_auth_pw()
>     user = req.user
>
>     if req.session.is_new():
>         req.session['passwd'] = passwd
>         req.session['user'] = user
Just a guess, but if you clear passwd & user here:
        passwd = ''
        user = ''
then authentication will fail only when the session is new and force the
user to reauthenticate. Untested, but worth a try.
>     req.session.save()
>
>     if passwd == "spam" and user == "eggs":
>         return apache.OK
>     else:
>         return apache.HTTP_UNAUTHORIZED
You could also set a variable and test for it:
    newsession = 0
    if req.session.is_new():
        newsession = 1
        req.session['passwd'] = passwd
        req.session['user'] = user
    if passwd == "spam" and user == "eggs" and newsession == 0:
        return apache.OK
    else:
        return apache.HTTP_UNAUTHORIZED
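Added example, not part of the original message and not mod_python code: a stand-alone model of the "challenge once per new session" idea discussed above, so the decision logic can be run without Apache. The dict-based session store, the (status, sid) return value and the names creds_ok, sessions, OK and UNAUTHORIZED are assumptions made for illustration; the credentials are the constructed ones from the post.

```python
import hmac
import secrets
import time

TIMEOUT = 300                  # idle timeout in seconds, as in the post
OK, UNAUTHORIZED = 200, 401    # stand-ins for apache.OK / apache.HTTP_UNAUTHORIZED

# Constructed demo credentials (the post's "eggs"/"spam"); a real handler
# would check a stored password hash rather than a literal.
USER, PASSWD = "eggs", "spam"

sessions = {}                  # sid -> {"accessed": float, "authenticated": bool}


def creds_ok(user, passwd):
    """Compare both fields in constant time; missing values count as wrong."""
    u = hmac.compare_digest((user or "").encode(), USER.encode())
    p = hmac.compare_digest((passwd or "").encode(), PASSWD.encode())
    return u and p


def authenhandler(sid, user, passwd, now=None):
    """Return (status, sid). A new or expired session always gets one 401."""
    now = time.time() if now is None else now
    sess = sessions.get(sid)
    if sess is not None and now - sess["accessed"] > TIMEOUT:
        del sessions[sid]      # idle too long: discard the old session
        sess = None
    if sess is None:
        # New session: ignore the credentials the browser resent from its
        # cache and answer 401 once, so the login dialogue appears again.
        sid = secrets.token_hex(16)
        sessions[sid] = {"accessed": now, "authenticated": False}
        return UNAUTHORIZED, sid
    if not creds_ok(user, passwd):
        return UNAUTHORIZED, sid
    sess["authenticated"] = True
    sess["accessed"] = now     # sliding idle timeout: activity extends it
    return OK, sid
```

The session is created before the 401 is returned, so the browser's retry arrives on an existing session and valid credentials are accepted; the password itself is never stored in the session.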