[mod_python] Authentification/Session Management

Lukas Trejtnar l.trejtnar at open.ac.uk
Wed Oct 27 05:55:50 EDT 2004 

Hi,

I'm trying to implement a session management together with an 
authentification procedure.

I have a folder which contains PSP (my_pages). When a user accesses 
my_pages for the first time, an authentification dialogue box is 
invoked, a user is authentified and new session is created (with timeout 
300s). User happily browses my_pages.

Now, if s/he is inactive for more than 300s and starts browsing again, 
new session is created. It's fine, but I would like to force the 
authentification dialogue box to appear again before a session creation.

How can I do that? Here is my code:

Apache config:

<Directory "C:/Program Files/Apache Group/Apache2/htdocs/my_pages">
         AddHandler mod_python .py
     PythonHandler mod_python.publisher
     PythonAuthenHandler handlers
          PythonDebug On
          AuthType Basic
          AuthName "Restricted Area"
          require valid-user
         PythonOption ApplicationPath '/'
</Directory>

handlers.py file:

from mod_python import apache, Session

def authenhandler(req):

     req.session = Session.Session(req, timeout=300)

     passwd = req.get_basic_auth_pw()
     user = req.user

     if req.session.is_new():
         req.session['passwd'] = passwd
         req.session['user'] = user

     req.session.save()

     if  passwd == "spam" and user == "eggs":
         return apache.OK
     else:
         return apache.HTTP_UNAUTHORIZED


Thanks,
Lukas

More information about the Mod_python mailing list