[mod_python] xmlrpc connection

Matt Barnicle mattb at wageslavery.org
Tue Oct 7 18:38:51 EDT 2008

> 2008/10/7 Standa <stanislav.stipl at gmail.com>:
>> Hello,
>> I am trying to write an web application, where user logs to it
>> with web form
>> and then the mod_python application comunicates with the xmlrpc
server. I
>> would need either to keep persistent xmlrpc connection between
>> http requests
>> or store user's login and password. I have already tried to keep
the login
>> and password using mod_python session, but it is stored in
>> unencrypted file
>> on the hard disk and I don't think this would be safe enough.
>> Could you help
>> me? I am sory about my english..
>> Best regards, Standa
> Have you considered hashing the password before adding it to the
mod_python session?  Or possibly passing some other kind of
session id
> to the RPC server instead of the username and password?
> Colin

i think you only need to manage your state, don't you?  i would use
colin's advice above, and then just set a flag on the back end to
track whether the user is logged in or not.  you only need to
authenticate the user's password once per active session, unless you
want to ask them again for their password if they are trying to
change the main data in their account like their contact email
address or password.  otherwise, use some unique hashed session id
that you store in the user's cookies and store another copy of that
id on the back end.  if the two id's match on future requests, and
the backend logged_in flag is still true, they are logged in.  when
they log out, remove their session cookie and destroy the backend

- m@

More information about the Mod_python mailing list