[mod_python] Sessions + Publisher

Terry MacDonald terry.macdonald at dsl.pipex.com
Wed Sep 22 18:22:09 EDT 2004 

How are you setting up 2 handlers for each request (apache
configuration)?

Are you using PythonAuthenHandler for your session handler and
PythonHandler for publisher?

At a guess...

The original request is handled by your session handler. When the
handler returns apache completes the remaining phases and returns a
response with the session cookie to the client browser.

I'm pretty sure the redirect generates a new request that is handled
like an external request, therefore it goes the same route as the
original request i.e. apache passes the (redirect) request to your
session handler. The redirect request has no session cookie (as it did
not come from the browser) therefore a new one is generated and another
redirect is invoked and there begins your loop. 

You cannot have two content handlers so depending on how you have
(apache) configured your handlers I would suspect that the publisher is
not being called either.



On Wed, 2004-09-22 at 16:24, Todd Boland wrote:
> On Sep 22, 2004, at 9:50 AM, Terry MacDonald wrote:
> 
> > If is_new() is always true it means that a session cookie is not in the
> > request.
> >
> > util.redirect does not set up the cookie in the response, calling
> > Session(req, secret...) does that (if the request does not have a valid
> > one already set)
> 
> My understanding of Session is as follows: When I call Session(req, 
> secret=''), I am assuming that the class first checks for existing 
> cookies sent by the client, if it doesn't find one, it generates the 
> sid and sends the set-cookie header to the client. It also sets a 
> private member to 1 for Session.is_new() to return.
> 
> Is this accurate?
> 
> >
> > Not knowing what is going on in your login script its hard to tell what
> > the exact problem is but I would check that session cookies are being
> > exchnged between the browser and the server.
> 
> The cookie is definitely being set. Firefox and Safari both report 
> having pysid cookies. All my login script is at the moment is:
> 
> def login(req, url=None):
> 	req.write('login')
> 
> Safari bitches about too many redirects and firefox is sent into an 
> infinite redirect loop.
> 
> Thanks for your help and time Terry.
> 
> Todd
> 
> >
> > On Wed, 2004-09-22 at 01:12, Todd Boland wrote:
> >> Hello again!
> >>
> >> In my experiences as a web developer (I'm coming from a Perl/Mason
> >> environment), I've found that the convenience of "transparently"
> >> generating sessions outweighs the performance hit.
> >>
> >> I'm trying to implement sessions "transparently" using 2 handlers for
> >> every request. The first handler makes sure a session is set, if it 
> >> was
> >> just created, it will forward the browser to a login page (like the
> >> documentation suggests). More code that checks session ids against
> >> values in the database to authenticate users will eventually be added.
> >>
> >> By the time a request gets to the second handler (the Publisher
> >> handler), sessions have preemptively been taken care of (it's totally
> >> "transparent").
> >>
> >> The problem I'm having is: I end up in an infinite redirect loop:
> >>
> >> The session handler:
> >>
> >> from mod_python import apache, util
> >> from mod_python.Session import Session
> >> from RPM.common import web_root
> >>
> >> def handler(req):
> >>          session = Session(req, secret='********')
> >>
> >>          # if the session is new, they need to log in
> >>          if session.is_new():
> >>
> >>                  # Using util's redirect will set the cookie
> >>                  util.redirect(req, web_root('index.py/login?url=%s' %
> >> req.uri))
> >>
> >> 	# TODO: Make sure sid is logged in
> >>
> >> 	# Hand off to Publisher handler by returning 200 OK
> >>          return apache.OK
> >>
> >> session.is_new() always returns 1 even after the session cookie is set
> >> (after the redirect). Any ideas or nudges in the right direction would
> >> greatly be appreciated. Thanks!
> > -- 
> > Terry
> > Registered Linux User # 311806
> > www.taumu.com
> >
> >
> > _______________________________________________
> > Mod_python mailing list
> > Mod_python at modpython.org
> > http://mailman.modpython.org/mailman/listinfo/mod_python
> >
> 
> 
> -- 
> Todd Boland
> Software Engineer
> Charged Software
> (508) 887-2885
> Facsimile: (978) 264-0058

More information about the Mod_python mailing list