|
Daniel Nogradi
nogradi at gmail.com
Thu Apr 20 18:11:23 EDT 2006
I just started to experiment with the Session module and came up with
a minimalistic but complete example using the publisher handler. There
are two files, login.py asks for a password to log the user in and
another one which checks if the user was already logged in. In case
he/she isn't the request is redirected to login.py. There are a couple
of security issues with this solution of course but the point is only
to give a toy model demonstrating how this mechanism could in
principle work.
The notation assumes a SetHandler apache directive, with AddHandler
one needs to refer to the scripts as 'login.py' and 'test.py' not just
'login' or 'test'.
Please let me know what the experts think since I wouldn't want to
cause more harm than good by posting a silly FAQ entry :)
# this is our login page, login.py
from mod_python import Session, util
def index( req ):
session = Session.Session( req )
if not session.is_new( ):
return 'You are already logged in.'
form = """<html><form enctype="multipart/form-data" method="POST"
action="login">
<input type=text name="secret"><br>
<input type='submit' name='go' value='Go'>
</form></html>
"""
try:
secret = req.form[ 'secret' ]
except KeyError:
return form
if secret == 'my_dear_password':
session.save( )
return 'Password correct, now you are logged in.'
else:
return form
# end of login.py
and the other file is:
# this is test.py
from mod_python import Session, util
def index( req ):
session = Session.Session( req )
if session.is_new( ):
util.redirect( req, 'login' )
return
else:
return 'You are logged in.'
# end of test.py
|