Graham Dumpleton
grahamd at dscpl.com.au
Fri Apr 1 06:18:21 EST 2005
A delayed response. :-) > Scott Chapman wrote: > >> Here's my uberServlet which demonstrates this "interesting" behavior. >> If I use the external redirect and comment out the internal >> redirect, everything works perfectly. >> >> Note that I have changed mpservlets to call prep BEFORE auth. This >> makes better sense to me. It is never a good idea to change third party pages in a way that makes yours different to everyone else. If you ever upgrade and forget the change you had made you will break your own code. Also, the "auth()" method provided with mpservlets is there specifically for dealing with HTTP basic authentication and it doesn't look to me like it is intended that it be overridden to substitute your own authentication mechanism. That it is called before any session creation makes it hard to do that anyway. Rather than swap the order of "auth()" and "prep()" you would have been better off simply doing your authentication and session management within the scope of "respond()" and ignore the existing "auth()" method. Ie., def respond(self): self.myauth() self.myrespond() Where "myauth()" contains the code currently in your "auth()" and "myrespond()" containing the code currently in your "respond()". Do it that way and you don't have to fiddle the mpservlets code. On 29/03/2005, at 9:45 AM, Scott Chapman wrote: > I'm not sure how to transfer the session to the internal redirect at > this point. It would be nice if that worked because I'm pretty sure > I'll need it later. This is a brand new session and no cookie has > been sent to the browser at the time of the internal redirect so > things don't work very well there. How should I transfer the session > to the internally redirected URI? You can't transfer any new session through to a handler triggered as a result of an internal redirection, AFAIK it must be bounced back to the browser in some way. There are other restrictions on using internal redirection as well which mean it isn't the magic pill some might think it is. First, you can't stash data in the req object and have it passed through the internal redirect because only the original Apache req object core is passed through. Second, if the top level servlet handler has already processed the form parameters, ie. with util.FieldStorage, and the form request was performed as a POST, the handler triggered by the redirection will not be able to access the form parameters. This is because util.FieldStorage has already consumed all the request content, it can't be done a second time and the first form object can't be passed through the req object. This problem affects mod_python.publisher and mpservlets. Third, (from memory) if the original URL mapped to a physical directory and was a POST request, when an internal redirection is done it magically turns into a GET request and even if the top level handler didn't process the form data, the sub handler can't get to the form data as util.FieldStorage thinks it was a GET request and not the POST request it was. This issue came up sometime in the last month and I think that was what the outcome was. Anyway, hope this might make you think twice about relying too much on internal redirections, at least in a system where some amount of processing is done prior to the actual redirection. :-) Graham
|