|
durumdara
durumdara at gmail.com
Fri Oct 20 06:39:35 EDT 2006
Hi !
I want to create a site with restricted area.
I use apache auth., but I don't know, how to controll it later.
The documentation is very laconic in this theme, and I cannot
understand, how to join/link my dbmsession based user management with
this auth. method.
I need a restricted area that containing private informations, pages
that I don't want to show.
Apache can keep out the non-valid users.
In normal way of the login when I want to intrude to a restricted area,
a login form I get.
Then I can auth. myself, and the application is store UserID, LoginTime,
etc.
After that I can see the content I need.
This section of my code/site I can create, because in the auth. handler
script I can login, later in the req. handler script I can catch the
username, and if I don't have specific values in Session, I can write
them into user Session.
Later I can check these values, and I can control the page view.
BUT !
I don't know, how to control this Apache auth. later.
If Session time expired, I need to clear the Apache auth. values (user,
pwd). If don't do this the apache auth. handler allow to access the
restricted files.
When this Apache auth. finished ? How to I force to finish/expire ?
Or I understand something wrong ?
Thanks for your help:
dd
<Directory "C:/web/htdocs/club">
AddHandler mod_python .py
PythonHandler index
PythonAuthenHandler index
PythonDebug On
AuthType Basic
AuthName "Restricted Area"
require valid-user
</Directory>
from mod_python import apache
def authenhandler(req):
pw = req.get_basic_auth_pw()
user = req.user
if user == "spam" and pw == "eggs":
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
|