[mod_python] Multiple calls to authenhandler()

Rune Hansen rune.hansen at scanmine.com
Thu Nov 4 05:39:31 EST 2004

On 3. nov 2004, at 17.50, Rune Hansen wrote:

> On 3. nov 2004, at 16.40, Jorey Bump wrote:
>> Rune Hansen wrote:
>>> Hi,
>>> I get one call to authenthandler() when I access 
>>> http://www.mysite.com/
>>> I get two calls to authenthandler() when I access 
>>> http://www.mysite.com/myHandler.py/search
>>> and..
>>> I get three(!) calls to authenthandler() when I access 
>>> http://www.mysite.com/search.html, where search.html is an Apache 
>>> Rewrite of myHandler.py/search.
>>> Does anyone know how to avoid this?
>>> My Apache directory directive is:
>>> <VirtualHost *:80>
>>>     ServerName www.myhost.com
>>>     ServerAdmin root at host
>>>     DocumentRoot /var/www/html/search
>>>     .
>>> </VirtualHost>
>>> <Directory "/var/www/html/search">
>>>     .
>>>     RewriteEngine On
>>>     RewriteBase /
>>>     RewriteRule search.html "myHandler.py/search"
>>>     DirectoryIndex myHandler.py
>>>     AddHandler mod_python .py
>>>     PythonHandler mod_python.publisher
>>>     PythonAuthenHandler AuthentHandler
>>>     AuthType Basic
>>>     AuthName "Restricted Area"
>>>     require valid-user
>>>     PythonPath "sys.path+['...']"
>>>     PythonDebug On
>>> </Directory>
>>> It will kill performance if I have to re-verify the user three times 
>>> for each request. Sessions are, unfortunately, not an option.
>>> Any suggestions will be most welcome :)
>> Are the results any different if you use this instead of a rewrite?
>>  Redirect /search.html http:/www.mysite.com/myHandler.py/search
> Hi Jorey,
> It seems to work and although it "solves" the problem, it's not at all 
> what I want(the client(s) accessing the service might not be able to 
> respond to a 303).
> There has to be a way to control how and when the authenthandler() is 
> invoked...?
> regards
> /rune

[For clarity I've included the thread that led up to this ]

For each URI path element a mod_python handler is invoked. This applies 
to PythonAuthenHandler, PythonHeaderParserHandler and so on.
For me, this is a problem. I would like to avoid re-verifying the user 
three times for each request, regardless of verification method.

a) I've got a miss-configuration which results in multiple calls to 
handlers, it's a local error that can be corrected or,
b) This is expected behavior and that  there is a technique to avoid 
this or,
c) This is expected and, for reasons that escapes me, desired behavior.

I'd greatly appreciate any help and suggestion



"So as far as I'm concerned, SOAP is not XML, nor is it useful to even a
fraction of the degree to which it is destructive."
- Uche Ogbuji

More information about the Mod_python mailing list