lists at elasticmind.net
Sun May 10 19:02:06 EDT 2009
Greetings, Hope you are well. I'm working on an application that has a number of pages that require users to log in. To make this nice and easy for the users, when they hit a page that needs authentication, I'd like the page to just call the function that handles all the login code and template rendering transparently, and then just redirect them back to the original URI they gave - so that from a user's point of view, the URI doesn't change. The program kinda works like this: # User goes to /mypage def index(req): if not hasattr(req, "websess"): req.websess = Session.DbmSession(req, timeout=1200) req.websess.save() ... sets some variables like title and stuff ... if user isn't logged in: from myapp.login import index as login_page return login_page(req, req.uri, 'template.html', title) else user must be loggedin: pull some data from the database and render the page using a templete return ...template... # login_page() function called by '/mypage' def index(req, refer_uri=None, refer_tmpl=None, refer_title=None): if not hasattr(req, "websess"): req.websess = Session.DbmSession(req, timeout=1200) req.websess.save() ... render a template containing a login form... ... user clicks the Login submit button after entering the username and password in the form... ... The html form action causes the referrer page (/mypage) to be reloaded... ... User is not logged in so process repeats with /login/index being called again having req data passed to it... ... /login/index checks the users login details and accepts the login request ... if user login is accepted: req.websess.unlock() # redirect back to /mypage since login was successful. req.internal_redirect(refer_uri) I didn't want to post a load of code that wasn't relevant, but I hope the pseudo code helps a little bit to explain what I was trying to achieve. This method works fine when the URI has no GET arguments, for example; if the user wants to go to the /mypage URI directly - it's fine. However, if the URI does have arguments, like /mypage?id=18, then the application keeps displaying the login page all the time and doesn't process the login correctly - or at least it seems. All the login stuff is done using POST, but the URI arguments for the /mypage code is done using GET. Since this is what apparently causes it to break, I'm assuming there must be something wrong here, but I'm not sure. Perhaps there is a better way of doing this, or if I want to use GET arguments as well, I need to go about solving this problem a different way? Any help or advice would be greatly appreciated. Thanks you in advance for your time and consideration.