|
Graham Dumpleton
grahamd at dscpl.com.au
Fri Apr 1 06:18:21 EST 2005
A delayed response. :-)
> Scott Chapman wrote:
>
>> Here's my uberServlet which demonstrates this "interesting" behavior.
>> If I use the external redirect and comment out the internal
>> redirect, everything works perfectly.
>>
>> Note that I have changed mpservlets to call prep BEFORE auth. This
>> makes better sense to me.
It is never a good idea to change third party pages in a way that makes
yours different to everyone else. If you ever upgrade and forget the
change you had made you will break your own code.
Also, the "auth()" method provided with mpservlets is there specifically
for dealing with HTTP basic authentication and it doesn't look to me
like
it is intended that it be overridden to substitute your own
authentication
mechanism. That it is called before any session creation makes it hard
to
do that anyway.
Rather than swap the order of "auth()" and "prep()" you would have been
better off simply doing your authentication and session management
within
the scope of "respond()" and ignore the existing "auth()" method. Ie.,
def respond(self):
self.myauth()
self.myrespond()
Where "myauth()" contains the code currently in your "auth()" and
"myrespond()"
containing the code currently in your "respond()".
Do it that way and you don't have to fiddle the mpservlets code.
On 29/03/2005, at 9:45 AM, Scott Chapman wrote:
> I'm not sure how to transfer the session to the internal redirect at
> this point. It would be nice if that worked because I'm pretty sure
> I'll need it later. This is a brand new session and no cookie has
> been sent to the browser at the time of the internal redirect so
> things don't work very well there. How should I transfer the session
> to the internally redirected URI?
You can't transfer any new session through to a handler triggered as a
result
of an internal redirection, AFAIK it must be bounced back to the
browser in some
way.
There are other restrictions on using internal redirection as well
which mean
it isn't the magic pill some might think it is.
First, you can't stash data in the req object and have it passed
through the
internal redirect because only the original Apache req object core is
passed
through.
Second, if the top level servlet handler has already processed the form
parameters, ie. with util.FieldStorage, and the form request was
performed
as a POST, the handler triggered by the redirection will not be able to
access the form parameters. This is because util.FieldStorage has
already
consumed all the request content, it can't be done a second time and the
first form object can't be passed through the req object. This problem
affects mod_python.publisher and mpservlets.
Third, (from memory) if the original URL mapped to a physical directory
and
was a POST request, when an internal redirection is done it magically
turns
into a GET request and even if the top level handler didn't process the
form data, the sub handler can't get to the form data as
util.FieldStorage
thinks it was a GET request and not the POST request it was. This issue
came up sometime in the last month and I think that was what the outcome
was.
Anyway, hope this might make you think twice about relying too much on
internal
redirections, at least in a system where some amount of processing is
done
prior to the actual redirection. :-)
Graham
|