|
Oliver Mellet
oliver at mellet.net
Sun Feb 15 11:55:34 EST 2004
In case anyone's curious, here's how I solved it (the example here is
for logging in to a Sasl2 db). Note that I no longer need to use
internal_redirect; util.redirect works fine:
from mod_python import Session, util
import Sasl2
def login(req, username, password, redir):
err = ""
name = ""
logged_in = False
try:
user = Sasl2.getuser(username)
if user != None:
if user['password'] == password:
logged_in = True
name = user["username"]
else:
err = "Invalid Password"
else:
err = "Invalid Username"
except Exception, e:
err = "Unexpected Error: %s" % e
req.log_error(str(e))
sess = Session.Session(req,secret="<yourpass>")
sess["error_str"] = err
sess["logged_in"] = logged_in
sess["user"] = name
sess.save()
util.redirect(req, redir)
On Feb 8, 2004, at 9:47 PM, Oliver Mellet wrote:
> I've got a situation where I need to protect pages, and I'm doing
> it using cookies and sessions. If the user requests a
> protected page and he or she hasn't logged in, I redirect them
> to a psp login page, which then POSTs to a publisher handler script.
> That script then does req.internal_redirect to the originating url, or
> back to the login page if the login didn't take.
> The problem I'm having is twofold:
> 1. If the login succeeds, then the internal redirect shows up in the
> location bar as the publisher script url, rather than the proper url
> of the protected document. It's ugly, but I can live with it if I
> have to.
>
> 2. If the login fails, the internal redirect back to the login page
> never
> happens; it seems like there's some sort of deadlock going from :
> login.psp redirect->POST login.py->internal_redirect login.psp
>
> Having said all that, there's probably a better way to skin this
> particular
> cat. If anyone has any suggestions, I'd be much obliged.
>
> Thanks
> Oliver
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
|