[mod_python] Is external redirect supposed to send a cookie (mpservlets)?

Scott Chapman scott_list at mischko.com
Mon Jun 20 15:08:11 EDT 2005


Hi!

I'm having problems with session cookies and redirects.  Can this be
resolved or is this the way things work?

If a user requests a page that requires a login and they are not
logged in (and they have no cookies), I automatically redirect
(external) them to the login screen, after setting a "returnto" session
entry.  The returnto is lost because the cookie is not sent with the 302
response.

Here's code in my auth method that sets the session returnto value and
redirects them:

> if requiresLogin:
>     self.req.log_error('AUTH - page: %s requires login' % methodName)
>     userID = self.session.get('userid', None)
>     # Check to see if the user is logged in
>     if not userID:
>         self.req.log_error('AUTH - user not logged in')
>         self.session['returnto'] = self.req.unparsed_uri
>         self.req.log_error('AUTH - sid when returnto set: ' + str(self.session.id()))
>         self.req.log_error('AUTH - returnto: ' + self.session['returnto'])
>         self.req.log_error('AUTH - external redirect to login')
>         self.external_redirect('/login')

Here's the code in my /login screen which is supposed to catch the
returnto and send them on their way:

> user_id = data_object.checkLoginAndPassword(login, password)
> if user_id:
>     # The login information is valid.
>     uberServlet.session['userid'] = user_id
>     uberServlet.req.log_error('LOGIN - username and password confirmed')
>     uberServlet.req.log_error('LOGIN - userid,email: %s, %s' % (user_id,login))
>     uberServlet.req.log_error('LOGIN - session id: ' + str(uberServlet.session.id()))
>     return_to = uberServlet.session.pop('returnto', '/index')
>     uberServlet.req.log_error('LOGIN - return_to' + return_to)
>     util.redirect(uberServlet.req,return_to)

Here's the log:

> HANDLER-calling prep
> HANDLER-calling auth
> AUTH - methodName: change_password
> AUTH - method found
> AUTH - page: change_password requires login
> AUTH - user not logged in
> AUTH - sid when returnto set: 82d588854c0a23ac67c7f986ab86ad79
> AUTH - returnto: /change_password
> AUTH - external redirect to login
> HANDLER-calling prep
> HANDLER-calling auth
> AUTH - methodName: login
> HANDLER-calling respond
> UBERSERVLET RESPOND - method name: login
> UBERSERVLET RESPOND - calling method
> HANDLER-calling wrapup
> =========== login screen ===========
> HANDLER-calling prep, referer: http://nsnserver/login
> HANDLER-calling auth, referer: http://nsnserver/login
> AUTH - methodName: login, referer: http://nsnserver/login
> HANDLER-calling respond, referer: http://nsnserver/login
> UBERSERVLET RESPOND - Converting form to dict, referer: http://nsnserver/login
> UBERSERVLET RESPOND - Form Entry Type: <class 'mod_python.util.StringField'>, referer: http://nsnserver/login
> UBERSERVLET RESPOND - key: login, referer: http://nsnserver/login
> UBERSERVLET RESPOND - Single Item, referer: http://nsnserver/login
> UBERSERVLET RESPOND - Form Entry Type: <class 'mod_python.util.StringField'>, referer: http://nsnserver/login
> UBERSERVLET RESPOND - key: password, referer: http://nsnserver/login
> UBERSERVLET RESPOND - Single Item, referer: http://nsnserver/login
> UBERSERVLET RESPOND - form dict: {'login': 'scott at mischko.com', 'password': 'letmein'}, referer: http://nsnserver/login
> UBERSERVLET RESPOND - method name: login, referer: http://nsnserver/login
> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/login
> LOGIN - username and password confirmed, referer: http://nsnserver/login
> LOGIN - userid,email: 1, scott at mischko.com, referer: http://nsnserver/login
> LOGIN - session id: e17247d6be677abadf19748044acb0bf, referer: http://nsnserver/login
> LOGIN - return_to/index, referer: http://nsnserver/login
> HANDLER-calling prep, referer: http://nsnserver/login
> HANDLER-calling auth, referer: http://nsnserver/login
> AUTH - methodName: index, referer: http://nsnserver/login
> AUTH - method found, referer: http://nsnserver/login
> AUTH - page: index does not require login, referer: http://nsnserver/login
> HANDLER-calling respond, referer: http://nsnserver/login
> UBERSERVLET RESPOND - method name: index, referer: http://nsnserver/login
> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/login
> HANDLER-calling wrapup, referer: http://nsnserver/login


And here's the HTTP live capture of headers:

> http://nsnserver/change_password
>
> GET /change_password HTTP/1.1
> Host: nsnserver
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
>
> HTTP/1.x 302 Found
> Date: Fri, 17 Jun 2005 21:50:24 GMT
> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
> Location: /login
> Content-Length: 336
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
> Content-Type: text/html; charset=iso-8859-1
> ----------------------------------------------------------
> http://nsnserver/login
>
> GET /login HTTP/1.1
> Host: nsnserver
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
>
> HTTP/1.x 200 OK
> Date: Fri, 17 Jun 2005 21:50:25 GMT
> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
> Cache-Control: no-cache="set-cookie"
> Set-Cookie: pysid=e17247d6be677abadf19748044acb0bf; path=/
> Keep-Alive: timeout=15, max=99
> Connection: Keep-Alive
> Transfer-Encoding: chunked
> Content-Type: text/html
> ----------------------------------------------------------
> ==========login screen in web browser here=====================
> http://nsnserver/login
> 
> POST /login HTTP/1.1
> Host: nsnserver
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer: http://nsnserver/login
> Cookie: pysid=e17247d6be677abadf19748044acb0bf; testSessionCookie=Enabled
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 42
> login=scott%40mischko.com&password=letmein
> HTTP/1.x 302 Found
> Date: Fri, 17 Jun 2005 21:51:12 GMT
> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
> Location: /index
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
> Transfer-Encoding: chunked
> Content-Type: text/plain
> ----------------------------------------------------------
> http://nsnserver/index
> 
> GET /index HTTP/1.1
> Host: nsnserver
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer: http://nsnserver/login
> Cookie: pysid=e17247d6be677abadf19748044acb0bf; testSessionCookie=Enabled
> 
> HTTP/1.x 200 OK
> Date: Fri, 17 Jun 2005 21:51:14 GMT
> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
> Transfer-Encoding: chunked
> Content-Type: text/html
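
The exchange in the capture above, reduced to a toy model, as an added example that is not part of the original post and does not use mod_python or mpservlets: `handle`, `browse`, the in-memory `STORE` and the `send_cookie_on_redirect` switch are all hypothetical names. It shows that when the 302 carries no `Set-Cookie`, the session holding `returnto` is never presented again, and that attaching the cookie to the redirect preserves it.

```python
import secrets

STORE = {}  # hypothetical server-side session store: sid -> dict


def get_session(cookies):
    """Return (sid, data, is_new); mint a new session when no known sid arrives."""
    sid = cookies.get("pysid")
    if sid in STORE:
        return sid, STORE[sid], False
    sid = secrets.token_hex(16)
    STORE[sid] = {}
    return sid, STORE[sid], True


def handle(method, path, cookies, send_cookie_on_redirect):
    """Toy server with the routes from the post. Returns (status, headers)."""
    sid, sess, is_new = get_session(cookies)
    # A session cookie is only announced when the session was just created.
    set_cookie = {"Set-Cookie": "pysid=%s; path=/" % sid} if is_new else {}
    if path == "/login" and method == "POST":
        sess["userid"] = 1  # credentials are assumed valid in this model
        return 302, dict(set_cookie, Location=sess.pop("returnto", "/index"))
    if path == "/change_password" and "userid" not in sess:
        sess["returnto"] = path  # stored under a sid the client may never learn
        headers = {"Location": "/login"}
        if send_cookie_on_redirect:
            headers.update(set_cookie)
        return 302, headers
    return 200, set_cookie


def browse(send_cookie_on_redirect):
    """Replay the capture: GET /change_password, GET /login, POST /login."""
    jar, final = {}, None
    steps = [("GET", "/change_password"), ("GET", "/login"), ("POST", "/login")]
    for method, path in steps:
        _status, headers = handle(method, path, jar, send_cookie_on_redirect)
        if "Set-Cookie" in headers:
            name, value = headers["Set-Cookie"].split(";")[0].split("=", 1)
            jar[name] = value
        final = headers.get("Location")
    return final  # where the login POST redirects the user


if __name__ == "__main__":
    print("302 without Set-Cookie ->", browse(False))
    print("302 with Set-Cookie    ->", browse(True))
```

In the first run the server also keeps an orphaned session for every unauthenticated request to a protected page, since each one mints a session id that no client ever sends back.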
