[mod_python] Authentification/Session Management

Jorey Bump list at joreybump.com
Thu Oct 28 12:26:39 EDT 2004

Lukas Trejtnar wrote:

> The first solution by Jorey Bump doesn't pass the first 
> authentification. It keeps asking for a username and a password forever 
> (newsession == 1 -> return apache.HTTP_UNAUTHORISED). Or did I miss 
> something?

I think we both did. Your session handling code should appear in the 
section that handles successful authentication. Then you need to perform 
the *authorization* step by checking the validity of the session. If 
that test fails, you return apache.HTTP_UNAUTHORIZED (in addition to 
returning it where authentication fails):

  if passwd == "spam" and user == "eggs":
      session handling/tests here
      if passed:
          return apache.OK
          return apache.HTTP_UNAUTHORIZED
      return apache.HTTP_UNAUTHORIZED

Again, this is untested, and I'm no sessions guru. If I get a chance to 
work up any usable code, I'll post it.

More information about the Mod_python mailing list