[mod_python] Internal redirect does not end processing and session is not saved on internal redirect - mpservlets

Scott Chapman scottie at mischko.com
Mon Mar 28 18:45:22 EST 2005 

I have updated the uberServlet and the logged output below. 

Using the internal_redirect from mpservlet prevents code from being 
executed that is after the redirect.  One problem is solved.

I'm not sure how to transfer the session to the internal redirect at 
this point.  It would be nice if that worked because I'm pretty sure 
I'll need it later.  This is a brand new session and no cookie has been 
sent to the browser at the time of the internal redirect so things don't 
work very well there.  How should I transfer the session to the 
internally redirected URI?

Scott

Scott Chapman wrote:

> Here's my uberServlet which demonstrates this "interesting" behavior.  
> If I use the external redirect and comment out the internal redirect, 
> everything works perfectly.
>
> Note that I have changed mpservlets to call prep BEFORE auth.  This 
> makes better sense to me.
>
> uberServlet:
>
>> from mod_python.servlet import Servlet
>> from mod_python import apache,util
>> from pages import Pages
>> import data_object
>>
>> class uberservlet(Servlet):
>>     use_session = True
>>
>>     def prep(self):
>>         Servlet.prep(self)
>>
>>     def auth(self):
>>         pages=Pages()
>>         
>> methodName=self.req.uri[:len(self.req.uri)-len(self.req.path_info)][1:]
>>         self.req.log_error('AUTH - methodName: ' + methodName)
>>         if methodName in ['login','doLogin','logout']:
>>             return
>>         method=getattr(pages,methodName,None)
>>         if method:
>>             self.req.log_error('AUTH - method found')
>>
>>             # Check to see if the page requires user to be logged in
>>             requiresLogin = data_object.requires_login(methodName)
>>
>>             if requiresLogin == 'unknown':
>>                 self.req.log_error('AUTH - page: %s not found in 
>> pages table' % methodName)
>>                 raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
>>
>>             if not requiresLogin:
>>                 self.req.log_error('AUTH - page: %s does not require 
>> login' % methodName)
>>                 return
>>
>>             if requiresLogin:
>>                 self.req.log_error('AUTH - page: %s requires login' % 
>> methodName)
>>                 userName = self.session.get('username', None)
>>                 # Check to see if the user is logged in
>>                 if userName:
>>                     self.req.log_error('AUTH - user already logged 
>> in: %s' % userName)
>>                     # Check that the user has access to the page.
>>                     access_ok = 
>> data_object.check_access(methodName,userName)
>>                     if access_ok:
>>                         return
>>                     else:
>>                         raise apache.SERVER_RETURN, apache.HTTP_FORBIDDEN
>>                 else:
>>                     self.req.log_error('AUTH - user not logged in')
>>                     self.session['returnto'] = self.req.unparsed_uri
>>                     self.req.log_error('AUTH - sid when returnto set: 
>> ' + str(self.session.id()))
>>                     self.req.log_error('AUTH - returnto: ' + 
>> self.session['returnto'])
>>                     self.req.log_error('AUTH - internal redirect to 
>> login')
>>                     #Tried doing an internal redirect here but
>>                     #things don't go well. Code is executed after the 
>> internal redirect.
>>                     #The cookie with the session info is not sent to 
>> the client here so the returnto is lost.
>>                     #self.session.save()
>>                     #self.session.unlock()
>>                     # Commenting out the above two lines makes no 
>> difference.
>>                     # Servlet has better session_cleanup now.
>>                     self.internal_redirect('/login')
>>                     
>>                     #util.redirect(self.req,'/login')
>>
>>         else:
>>             self.req.log_error('AUTH - method not found')
>>             raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
>>         return
>>         
>>     def respond(self):
>>         
>> methodName=self.req.uri[:len(self.req.uri)-len(self.req.path_info)][1:]
>>         self.req.log_error ('UBERSERVLET RESPOND - method name: %s' % 
>> methodName)
>>         pages=Pages()
>>         method=getattr(pages,methodName,None)
>>         if method:
>>             self.req.log_error('UBERSERVLET RESPOND - calling method')
>>             if self.form.list:
>>                 self.write(method(self,self.form))
>>             else:
>>                 self.write(method(self))
>>             return True
>>         else:
>>             self.req.log_error('UBERSERVLET RESPOND - method not found')
>>             return False
>>         
>
>
>
>
>      Here's the "pages" contents:
>
>> from mod_python import util, apache
>> import data_object
>> import templates
>> import table_builder
>>
>> class Pages:
>>     def login(self,uberServlet):
>>         center=templates.login_template
>>         return templates.site_template(2,center=center,menu=False)
>>
>>
>>     def doLogin(self,uberServlet, form):
>>         login = form.getfirst('login')
>>         password = form.getfirst('password')
>>         if data_object.checkLoginAndPassword(login, password):
>>             uberServlet.session['username'] = login
>>             uberServlet.req.log_error('DOLOGIN - username and 
>> password confirmed')
>>             uberServlet.req.log_error('DOLOGIN - sid: ' + 
>> str(uberServlet.session.id()))
>>             return_to = uberServlet.session.pop('returnto','/index')
>>             uberServlet.req.log_error('DOLOGIN - return_to' + return_to)
>>             util.redirect(uberServlet.req,return_to)
>>         else:
>>             return self.login()
>>
>>     def table(self,uberServlet):
>>         return ....
>
>
>
> Here's my log of the session, using internal redirect with code above:

> ==== session cookies cleared here ====
> HANDLER-calling prep
> HANDLER-calling auth
> AUTH - methodName: table
> AUTH - method found
> AUTH - page: table requires login
> AUTH - user not logged in
> AUTH - sid when returnto set: ee97afd50f2f09af23f815da70815158
> AUTH - returnto: /table
> AUTH - internal redirect to login
> HANDLER-calling prep
> HANDLER-calling auth
> AUTH - methodName: login
> HANDLER-calling respond
> UBERSERVLET RESPOND - method name: login
> UBERSERVLET RESPOND - calling method
> HANDLER-calling wrapup
> --- login page ---
> HANDLER-calling prep, referer: http://nsnserver/table
> HANDLER-calling auth, referer: http://nsnserver/table
> AUTH - methodName: doLogin, referer: http://nsnserver/table
> HANDLER-calling respond, referer: http://nsnserver/table
> UBERSERVLET RESPOND - method name: doLogin, referer: 
> http://nsnserver/table
> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/table
> DOLOGIN - username and password confirmed, referer: http://nsnserver/table
> DOLOGIN - sid: a8b4af31a3ccd4dce90ef03e86d7dcc6, referer: 
> http://nsnserver/table
> DOLOGIN - return_to/index, referer: http://nsnserver/table
> HANDLER-calling prep, referer: http://nsnserver/table
> HANDLER-calling auth, referer: http://nsnserver/table
> AUTH - methodName: index, referer: http://nsnserver/table
> AUTH - method found, referer: http://nsnserver/table
> AUTH - page: index does not require login, referer: http://nsnserver/table
> HANDLER-calling respond, referer: http://nsnserver/table
> UBERSERVLET RESPOND - method name: index, referer: http://nsnserver/table
> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/table
> HANDLER-calling wrapup, referer: http://nsnserver/table
> --- index page ---
>

More information about the Mod_python mailing list