[mod_python] Sessions + Publisher

Todd Boland itodd at itodd.org
Wed Sep 22 12:24:16 EDT 2004


On Sep 22, 2004, at 9:50 AM, Terry MacDonald wrote:

> If is_new() is always true it means that a session cookie is not in the
> request.
>
> util.redirect does not set up the cookie in the response, calling
> Session(req, secret...) does that (if the request does not have a valid
> one already set)

My understanding of Session is as follows: When I call Session(req, 
secret=''), I am assuming that the class first checks for existing 
cookies sent by the client, if it doesn't find one, it generates the 
sid and sends the set-cookie header to the client. It also sets a 
private member to 1 for Session.is_new() to return.

Is this accurate?

>
> Not knowing what is going on in your login script its hard to tell what
> the exact problem is but I would check that session cookies are being
> exchnged between the browser and the server.

The cookie is definitely being set. Firefox and Safari both report 
having pysid cookies. All my login script is at the moment is:

def login(req, url=None):
	req.write('login')

Safari bitches about too many redirects and firefox is sent into an 
infinite redirect loop.

Thanks for your help and time Terry.

Todd

>
> On Wed, 2004-09-22 at 01:12, Todd Boland wrote:
>> Hello again!
>>
>> In my experiences as a web developer (I'm coming from a Perl/Mason
>> environment), I've found that the convenience of "transparently"
>> generating sessions outweighs the performance hit.
>>
>> I'm trying to implement sessions "transparently" using 2 handlers for
>> every request. The first handler makes sure a session is set, if it 
>> was
>> just created, it will forward the browser to a login page (like the
>> documentation suggests). More code that checks session ids against
>> values in the database to authenticate users will eventually be added.
>>
>> By the time a request gets to the second handler (the Publisher
>> handler), sessions have preemptively been taken care of (it's totally
>> "transparent").
>>
>> The problem I'm having is: I end up in an infinite redirect loop:
>>
>> The session handler:
>>
>> from mod_python import apache, util
>> from mod_python.Session import Session
>> from RPM.common import web_root
>>
>> def handler(req):
>>          session = Session(req, secret='********')
>>
>>          # if the session is new, they need to log in
>>          if session.is_new():
>>
>>                  # Using util's redirect will set the cookie
>>                  util.redirect(req, web_root('index.py/login?url=%s' %
>> req.uri))
>>
>> 	# TODO: Make sure sid is logged in
>>
>> 	# Hand off to Publisher handler by returning 200 OK
>>          return apache.OK
>>
>> session.is_new() always returns 1 even after the session cookie is set
>> (after the redirect). Any ideas or nudges in the right direction would
>> greatly be appreciated. Thanks!
> -- 
> Terry
> Registered Linux User # 311806
> www.taumu.com
>
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>


-- 
Todd Boland
Software Engineer
Charged Software
(508) 887-2885
Facsimile: (978) 264-0058

-- 
Statement of Confidentiality:

The information contained in this electronic message and any 
attachments to this message are intended for the exclusive use of the 
addressee(s) and may contain confidential or privileged information.

If you are not the intended recipient, please notify Todd Boland, at 
(508) 887-2885 immediately, and destroy all copies of this message and 
any attachments.



More information about the Mod_python mailing list