|
Graham Dumpleton
grahamd at dscpl.com.au
Mon Feb 27 16:28:23 EST 2006
marinus van aswegen wrote ..
> Hi Graham
>
> I thought that my session line will not just create the session but will
> access the session for that request?
No it doesn't.
What you will need to do is to use a scheme whereby you cache the
first created session object for later access. The common convention
for this is to save it as "req.session".
def _get_session(req):
if not hasattr(req,"session"):
req.session = Session.Session(req, secret = config.cookie_passwd)
... perform any first time initialisation etc.
return req.session
def _validate_session(req):
session = _get_session(req)
....
def test(req):
_validate_session(req)
session = req.session
...
BTW, ensure you put an underscore before these utility functions
else they will be directly accessible to remote users with the right
URL. The underscore will hide them.
PS, please try and keep replies on the mailing list by using "Reply All"
and not just "Reply".
Graham
> On 2/27/06, Graham Dumpleton <grahamd at dscpl.com.au> wrote:
> >
> >
> > On 27/02/2006, at 7:36 PM, marinus van aswegen wrote:
> >
> > > def validate_session(req):
> > > """
> > > this function must be called prior to all function to
> > > ensure that the user is autenticated
> > > """
> > >
> > > # get the session for this request
> > > session = Session.Session(req, secret = config.cookie_passwd)
> > > .....
> >
> > > def test(req):
> > >
> > > validate_session(req)
> > >
> > > session = Session.Session(req, secret = config.cookie_passwd)
> >
> > Here is your first problem. The validate_session() function has already
> > created a session object. Creating the second here for the same request
> > will cause a deadlock.
> >
> > There are various other things which could be done better, but will just
> > point out this obvious thing for now.
> >
> > Graham
> >
|