Scott Sanders
sanders at apache.org
Mon Jun 20 16:08:10 EDT 2005
The session cookie is not in the error headers, which are the only
headers sent on redirect. My workaround was to write a redirect
function that wrote out the session cookie in the error headers. I
will try and look for the source code.
Scott
On Jun 20, 2005, at 12:08 PM, Scott Chapman wrote:
> Hi!
>
> I'm having problems with session cookies and redirects. Can this be
> resolved or is this the way things work?
>
> If a user requests a page that requires a login and they are not
> logged in (and they have no cookies), I automatically redirect
> (external) them to the login screen, after setting a "returnto"
> session entry. The returnto is lost because the cookie is not sent
> with the 302 response.
>
> Here's code in my auth method that sets the session returnto value and
> redirects them:
>
>
>> if requiresLogin:
>>     self.req.log_error('AUTH - page: %s requires login' % methodName)
>>     userID = self.session.get('userid', None)
>>     # Check to see if the user is logged in
>>     if not userID:
>>         self.req.log_error('AUTH - user not logged in')
>>         self.session['returnto'] = self.req.unparsed_uri
>>         self.req.log_error('AUTH - sid when returnto set: ' + str(self.session.id()))
>>         self.req.log_error('AUTH - returnto: ' + self.session['returnto'])
>>         self.req.log_error('AUTH - external redirect to login')
>>         self.external_redirect('/login')
>>
>
> Here's the code in my /login screen which is supposed to catch the
> returnto and send them on their way:
>
>
>> user_id = data_object.checkLoginAndPassword(login, password)
>> if user_id:
>>     # The login information is valid.
>>     uberServlet.session['userid'] = user_id
>>     uberServlet.req.log_error('LOGIN - username and password confirmed')
>>     uberServlet.req.log_error('LOGIN - userid,email: %s, %s' % (user_id,login))
>>     uberServlet.req.log_error('LOGIN - session id: ' + str(uberServlet.session.id()))
>>     return_to = uberServlet.session.pop('returnto','/index')
>>     uberServlet.req.log_error('LOGIN - return_to' + return_to)
>>     util.redirect(uberServlet.req,return_to)
>>
>
> Here's the log:
>
>
>> HANDLER-calling prep
>> HANDLER-calling auth
>> AUTH - methodName: change_password
>> AUTH - method found
>> AUTH - page: change_password requires login
>> AUTH - user not logged in
>> AUTH - sid when returnto set: 82d588854c0a23ac67c7f986ab86ad79
>> AUTH - returnto: /change_password
>> AUTH - external redirect to login
>> HANDLER-calling prep
>> HANDLER-calling auth
>> AUTH - methodName: login
>> HANDLER-calling respond
>> UBERSERVLET RESPOND - method name: login
>> UBERSERVLET RESPOND - calling method
>> HANDLER-calling wrapup
>> =========== login screen ===========
>> HANDLER-calling prep, referer: http://nsnserver/login
>> HANDLER-calling auth, referer: http://nsnserver/login
>> AUTH - methodName: login, referer: http://nsnserver/login
>> HANDLER-calling respond, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - Converting form to dict, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - Form Entry Type: <class 'mod_python.util.StringField'>, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - key: login, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - Single Item, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - Form Entry Type: <class 'mod_python.util.StringField'>, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - key: password, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - Single Item, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - form dict: {'login': 'scott at mischko.com', 'password': 'letmein'}, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - method name: login, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/login
>> LOGIN - username and password confirmed, referer: http://nsnserver/login
>> LOGIN - userid,email: 1, scott at mischko.com, referer: http://nsnserver/login
>> LOGIN - session id: e17247d6be677abadf19748044acb0bf, referer: http://nsnserver/login
>> LOGIN - return_to/index, referer: http://nsnserver/login
>> HANDLER-calling prep, referer: http://nsnserver/login
>> HANDLER-calling auth, referer: http://nsnserver/login
>> AUTH - methodName: index, referer: http://nsnserver/login
>> AUTH - method found, referer: http://nsnserver/login
>> AUTH - page: index does not require login, referer: http://nsnserver/login
>> HANDLER-calling respond, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - method name: index, referer: http://nsnserver/login
>> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/login
>> HANDLER-calling wrapup, referer: http://nsnserver/login
>>
>
>
> And here's the HTTP live capture of headers:
>
>
>> http://nsnserver/change_password
>>
>> GET /change_password HTTP/1.1
>> Host: nsnserver
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
>> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>>
>> HTTP/1.x 302 Found
>> Date: Fri, 17 Jun 2005 21:50:24 GMT
>> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
>> Location: /login
>> Content-Length: 336
>> Keep-Alive: timeout=15, max=100
>> Connection: Keep-Alive
>> Content-Type: text/html; charset=iso-8859-1
>>
>> ----------------------------------------------------------
>> http://nsnserver/login
>>
>> GET /login HTTP/1.1
>> Host: nsnserver
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
>> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>>
>> HTTP/1.x 200 OK
>> Date: Fri, 17 Jun 2005 21:50:25 GMT
>> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
>> Cache-Control: no-cache="set-cookie"
>> Set-Cookie: pysid=e17247d6be677abadf19748044acb0bf; path=/
>> Keep-Alive: timeout=15, max=99
>> Connection: Keep-Alive
>> Transfer-Encoding: chunked
>> Content-Type: text/html
>>
>> ----------------------------------------------------------
>> ==========login screen in web browser here=====================
>> http://nsnserver/login
>>
>> POST /login HTTP/1.1
>> Host: nsnserver
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
>> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>> Referer: http://nsnserver/login
>> Cookie: pysid=e17247d6be677abadf19748044acb0bf; testSessionCookie=Enabled
>> Content-Type: application/x-www-form-urlencoded
>> Content-Length: 42
>>
>> login=scott%40mischko.com&password=letmein
>>
>> HTTP/1.x 302 Found
>> Date: Fri, 17 Jun 2005 21:51:12 GMT
>> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
>> Location: /index
>> Keep-Alive: timeout=15, max=100
>> Connection: Keep-Alive
>> Transfer-Encoding: chunked
>> Content-Type: text/plain
>>
>> ----------------------------------------------------------
>> http://nsnserver/index
>>
>> GET /index HTTP/1.1
>> Host: nsnserver
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
>> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>> Referer: http://nsnserver/login
>> Cookie: pysid=e17247d6be677abadf19748044acb0bf; testSessionCookie=Enabled
>>
>> HTTP/1.x 200 OK
>> Date: Fri, 17 Jun 2005 21:51:14 GMT
>> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
>> Keep-Alive: timeout=15, max=100
>> Connection: Keep-Alive
>> Transfer-Encoding: chunked
>> Content-Type: text/html
>>
>
>
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>
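
The workaround described in the reply at the top of this message, as an added example that is not code from the thread or from mod_python: it models the `headers_out` and `err_headers_out` tables and shows that a session cookie reaches the client on a 302 only when it is written to `err_headers_out`. `FakeRequest`, the function names and the sample session id are constructed for illustration; the model assumes that on a redirect only `err_headers_out` plus `Location` are sent.

```python
import re

HTTP_MOVED_TEMPORARILY = 302
SID_RE = re.compile(r"[0-9a-f]{32}")  # shape of the pysid values in the capture


class FakeRequest:
    """Constructed stand-in for a mod_python request (assumption, not the real class)."""

    def __init__(self):
        self.headers_out = {}      # sent with successful responses
        self.err_headers_out = {}  # sent with every response, errors and redirects too
        self.status = 200

    def sent_headers(self):
        """Headers that reach the client under the behaviour described in the reply."""
        if 200 <= self.status < 300:
            return {**self.headers_out, **self.err_headers_out}
        sent = dict(self.err_headers_out)
        if "Location" in self.headers_out:  # Location survives on a redirect
            sent["Location"] = self.headers_out["Location"]
        return sent


def session_cookie(session_id):
    """Build the pysid cookie, refusing ids that are not 32 hex characters."""
    if not SID_RE.fullmatch(session_id):
        raise ValueError("unexpected session id format")
    return "pysid=%s; path=/" % session_id


def naive_redirect(req, location, session_id):
    """Cookie placed in headers_out: dropped once the status becomes 302."""
    req.headers_out["Set-Cookie"] = session_cookie(session_id)
    req.headers_out["Location"] = location
    req.status = HTTP_MOVED_TEMPORARILY
    return req.sent_headers()


def redirect_with_session(req, location, session_id):
    """Workaround: write the cookie to err_headers_out before redirecting."""
    req.err_headers_out["Set-Cookie"] = session_cookie(session_id)
    req.err_headers_out["Cache-Control"] = 'no-cache="set-cookie"'
    req.headers_out["Location"] = location
    req.status = HTTP_MOVED_TEMPORARILY
    return req.sent_headers()


SID = "0123456789abcdef0123456789abcdef"  # constructed sample value
```

With the cookie delivered on the 302, the browser presents the same `pysid` on the follow-up GET /login, so the session that holds `returnto` is the one the login handler reads.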