[mod_python] Multiple calls to authenhandler()

Rune Hansen rune.hansen at scanmine.com
Thu Nov 4 05:39:31 EST 2004 

On 3. nov 2004, at 17.50, Rune Hansen wrote:

>
> On 3. nov 2004, at 16.40, Jorey Bump wrote:
>
>> Rune Hansen wrote:
>>> Hi,
>>> I get one call to authenthandler() when I access 
>>> http://www.mysite.com/
>>> I get two calls to authenthandler() when I access 
>>> http://www.mysite.com/myHandler.py/search
>>> and..
>>> I get three(!) calls to authenthandler() when I access 
>>> http://www.mysite.com/search.html, where search.html is an Apache 
>>> Rewrite of myHandler.py/search.
>>> Does anyone know how to avoid this?
>>> My Apache directory directive is:
>>> <VirtualHost *:80>
>>>     ServerName www.myhost.com
>>>     ServerAdmin root at host
>>>     DocumentRoot /var/www/html/search
>>>     .
>>> </VirtualHost>
>>> <Directory "/var/www/html/search">
>>>     .
>>>     RewriteEngine On
>>>     RewriteBase /
>>>     RewriteRule search.html "myHandler.py/search"
>>>     DirectoryIndex myHandler.py
>>>     AddHandler mod_python .py
>>>     PythonHandler mod_python.publisher
>>>     PythonAuthenHandler AuthentHandler
>>>     AuthType Basic
>>>     AuthName "Restricted Area"
>>>     require valid-user
>>>     PythonPath "sys.path+['...']"
>>>     PythonDebug On
>>> </Directory>
>>> It will kill performance if I have to re-verify the user three times 
>>> for each request. Sessions are, unfortunately, not an option.
>>> Any suggestions will be most welcome :)
>>
>> Are the results any different if you use this instead of a rewrite?
>>
>>  Redirect /search.html http:/www.mysite.com/myHandler.py/search
>>
> Hi Jorey,
> It seems to work and although it "solves" the problem, it's not at all 
> what I want(the client(s) accessing the service might not be able to 
> respond to a 303).
>
> There has to be a way to control how and when the authenthandler() is 
> invoked...?
>
> regards
>
> /rune
>

[For clarity I've included the thread that led up to this ]

Problem:
For each URI path element a mod_python handler is invoked. This applies 
to PythonAuthenHandler, PythonHeaderParserHandler and so on.
For me, this is a problem. I would like to avoid re-verifying the user 
three times for each request, regardless of verification method.

So,
a) I've got a miss-configuration which results in multiple calls to 
handlers, it's a local error that can be corrected or,
b) This is expected behavior and that  there is a technique to avoid 
this or,
c) This is expected and, for reasons that escapes me, desired behavior.

I'd greatly appreciate any help and suggestion

regards

/rune


"So as far as I'm concerned, SOAP is not XML, nor is it useful to even a
fraction of the degree to which it is destructive."
- Uche Ogbuji

More information about the Mod_python mailing list