|
Jorey Bump
list at joreybump.com
Thu Oct 28 12:26:39 EDT 2004
Lukas Trejtnar wrote:
> The first solution by Jorey Bump doesn't pass the first
> authentification. It keeps asking for a username and a password forever
> (newsession == 1 -> return apache.HTTP_UNAUTHORISED). Or did I miss
> something?
I think we both did. Your session handling code should appear in the
section that handles successful authentication. Then you need to perform
the *authorization* step by checking the validity of the session. If
that test fails, you return apache.HTTP_UNAUTHORIZED (in addition to
returning it where authentication fails):
if passwd == "spam" and user == "eggs":
session handling/tests here
if passed:
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
else:
return apache.HTTP_UNAUTHORIZED
Again, this is untested, and I'm no sessions guru. If I get a chance to
work up any usable code, I'll post it.
|