[mod_python] servlet sessions

Daniel Popowich dpopowich at comcast.net
Wed Feb 2 16:22:09 EST 2005 

Colin Doherty writes:
> So I'm either still missing something or there is no
> direct way of referencing the session variable in an
> auth call - this would make sense if auth is called
> before prep as it appears from the docs.

Yes, auth is called before prep, so the session instance variable is
not yet available.

I went around and around and around on this when first writing the
class.  I'm still not sure I got it right and could be convinced
otherwise, but conceptually, authentication should happen asap after
the request is made, so it makes sense auth is called first.

An early version of mpservlets (pre-publication) had Servlet.prep()
being a no-op and all the stuff that currently happens in that method
occurring in a method called Servlet.handler_prep(), or some such and
this was called before auth, prep, respond, etc.  I think it was an
overwhelming Attack Of Symmetry that had me move it all into
Servlet.prep().

If you want to use HTTP basic authentication and have it conditional
on the session or other such knowledge only known after some point in
prep, I'd do this:

   def mybasicauth(self):
      # coded just like you would auth, but give it a different name,
      # so it's not called before prep

   def prep(self):
      # call superclass' prep
      MySuperClass.prep(self)
      # do some other work if need be, then...
      self.mybasicauth()

Perhaps future versions will accommodate having the session instance
variable set prior to calling auth.  It does seem to make sense.
      
> BTW the servlet handler seems excellent as far I have
> got it working, would it make the basis for either a
> python J2EE equivalent ?

I'm glad you're finding it useful.

As for the python j2ee...I don't have any interest in "mirroring" the
j2ee spec in python.  If others feel there's a need and want to use
mpservlets as the jumping off place, go for it.  That's why it's
opensource!

If, on the other hand, you mean could it become the tool that python
programmers go to as the base of OO web solutions.  Sure!  Pass on
your contributions (like having the session instance variable
available before auth is called) and let's make it the best tool it
can be!!

Daniel Popowich
-----------------------------------------------
http://home.comcast.net/~d.popowich/mpservlets/

More information about the Mod_python mailing list