[mod_python] Lama - I don't understand basic auth...

durumdara durumdara at gmail.com
Fri Oct 20 06:39:35 EDT 2006

Hi !

I want to create a site with restricted area.
I use apache auth., but I don't know, how to controll it later.
The documentation is very laconic in this theme, and I cannot 
understand, how to join/link my dbmsession based user management with 
this auth. method.

I need a restricted area that containing private informations, pages 
that I don't want to show.
Apache can keep out the non-valid users.
In normal way of the login when I want to intrude to a restricted area, 
a login form I get.
Then I can auth. myself, and the application is store UserID, LoginTime, 
After that I can see the content I need.

This section of my code/site I can create, because in the auth. handler 
script I can login, later in the req. handler script I can catch the 
username, and if I don't have specific values in Session, I can write 
them into user Session.
Later I can check these values, and I can control  the page view.

I don't know, how to control this Apache auth. later.
If Session time expired, I need to clear the Apache auth. values (user, 
pwd). If don't do this the apache auth. handler allow to access the 
restricted files.
When this Apache auth. finished ? How to I force to finish/expire ?

Or I understand something wrong ?

Thanks for your help:

<Directory "C:/web/htdocs/club">
    AddHandler mod_python .py
    PythonHandler index
    PythonAuthenHandler index
    PythonDebug On
    AuthType Basic
    AuthName "Restricted Area"
    require valid-user

from mod_python import apache

def authenhandler(req):
    pw = req.get_basic_auth_pw()
    user = req.user
    if user == "spam" and pw == "eggs":
       return apache.OK
       return apache.HTTP_UNAUTHORIZED

More information about the Mod_python mailing list