Graham Dumpleton
grahamd at dscpl.com.au
Mon Jun 20 18:38:48 EDT 2005
Scott Sanders wrote ..
> The session cookie is not in the error headers, which are the only
> headers sent on redirect. My workaround was to write a redirect
> function that wrote out the session cookie in the error headers. I
> will try and look for the source code.

Hmmm, that doesn't quite make sense. I use util.redirect() with a
session based login and have no problem at all.

You might be able to learn something from:

  http://svn.dscpl.com.au/vampire/trunk/examples/session/access.py
  http://svn.dscpl.com.au/vampire/trunk/examples/session/

Working example at:

  http://www.dscpl.com.au/projects/vampire/examples/session

Use mickey/mouse as login/password.

I know it isn't using mpservlets and relies on a different package,
but might still be useful.

Graham

> On Jun 20, 2005, at 12:08 PM, Scott Chapman wrote:
>
> > Hi!
> >
> > I'm having problems with session cookies and redirects. Can this be
> > resolved or is this the way things work?
> >
> > If a user requests a page that requires a login and they are not
> > logged in (and they have no cookies), I automatically redirect
> > (external) them to the login screen, after setting a "returnto"
> > session entry. The returnto is lost because the cookie is not sent
> > with the 302 response.
> >
> > Here's code in my auth method that sets the session returnto value and
> > redirects them:
> >
> >> if requiresLogin:
> >>     self.req.log_error('AUTH - page: %s requires login' % methodName)
> >>     userID = self.session.get('userid', None)
> >>     # Check to see if the user is logged in
> >>     if not userID:
> >>         self.req.log_error('AUTH - user not logged in')
> >>         self.session['returnto'] = self.req.unparsed_uri
> >>         self.req.log_error('AUTH - sid when returnto set: ' + str(self.session.id()))
> >>         self.req.log_error('AUTH - returnto: ' + self.session['returnto'])
> >>         self.req.log_error('AUTH - external redirect to login')
> >>         self.external_redirect('/login')
> >
> > Here's the code in my /login screen which is supposed to catch the
> > returnto and send them on their way:
> >
> >> user_id = data_object.checkLoginAndPassword(login, password)
> >> if user_id:
> >>     # The login information is valid.
> >>     uberServlet.session['userid'] = user_id
> >>     uberServlet.req.log_error('LOGIN - username and password confirmed')
> >>     uberServlet.req.log_error('LOGIN - userid,email: %s, %s' % (user_id,login))
> >>     uberServlet.req.log_error('LOGIN - session id: ' + str(uberServlet.session.id()))
> >>     return_to = uberServlet.session.pop('returnto: ','/index')
> >>     uberServlet.req.log_error('LOGIN - return_to' + return_to)
> >>     util.redirect(uberServlet.req,return_to)
> >
> > Here's the log:
> >
> >> HANDLER-calling prep
> >> HANDLER-calling auth
> >> AUTH - methodName: change_password
> >> AUTH - method found
> >> AUTH - page: change_password requires login
> >> AUTH - user not logged in
> >> AUTH - sid when returnto set: 82d588854c0a23ac67c7f986ab86ad79
> >> AUTH - returnto: /change_password
> >> AUTH - external redirect to login
> >> HANDLER-calling prep
> >> HANDLER-calling auth
> >> AUTH - methodName: login
> >> HANDLER-calling respond
> >> UBERSERVLET RESPOND - method name: login
> >> UBERSERVLET RESPOND - calling method
> >> HANDLER-calling wrapup
> >> =========== login screen ===========
> >> HANDLER-calling prep, referer: http://nsnserver/login
> >> HANDLER-calling auth, referer: http://nsnserver/login
> >> AUTH - methodName: login, referer: http://nsnserver/login
> >> HANDLER-calling respond, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - Converting form to dict, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - Form Entry Type: <class 'mod_python.util.StringField'>, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - key: login, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - Single Item, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - Form Entry Type: <class 'mod_python.util.StringField'>, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - key: password, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - Single Item, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - form dict: {'login': 'scott at mischko.com', 'password': 'letmein'}, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - method name: login, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/login
> >> LOGIN - username and password confirmed, referer: http://nsnserver/login
> >> LOGIN - userid,email: 1, scott at mischko.com, referer: http://nsnserver/login
> >> LOGIN - session id: e17247d6be677abadf19748044acb0bf, referer: http://nsnserver/login
> >> LOGIN - return_to/index, referer: http://nsnserver/login
> >> HANDLER-calling prep, referer: http://nsnserver/login
> >> HANDLER-calling auth, referer: http://nsnserver/login
> >> AUTH - methodName: index, referer: http://nsnserver/login
> >> AUTH - method found, referer: http://nsnserver/login
> >> AUTH - page: index does not require login, referer: http://nsnserver/login
> >> HANDLER-calling respond, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - method name: index, referer: http://nsnserver/login
> >> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/login
> >> HANDLER-calling wrapup, referer: http://nsnserver/login
> >
> > And here's the HTTP live capture of headers:
> >
> >> http://nsnserver/change_password
> >>
> >> GET /change_password HTTP/1.1
> >> Host: nsnserver
> >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
> >> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> >> Accept-Language: en-us,en;q=0.5
> >> Accept-Encoding: gzip,deflate
> >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >> Keep-Alive: 300
> >> Connection: keep-alive
> >>
> >> HTTP/1.x 302 Found
> >> Date: Fri, 17 Jun 2005 21:50:24 GMT
> >> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
> >> Location: /login
> >> Content-Length: 336
> >> Keep-Alive: timeout=15, max=100
> >> Connection: Keep-Alive
> >> Content-Type: text/html; charset=iso-8859-1
> >>
> >> ----------------------------------------------------------
> >> http://nsnserver/login
> >>
> >> GET /login HTTP/1.1
> >> Host: nsnserver
> >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
> >> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> >> Accept-Language: en-us,en;q=0.5
> >> Accept-Encoding: gzip,deflate
> >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >> Keep-Alive: 300
> >> Connection: keep-alive
> >>
> >> HTTP/1.x 200 OK
> >> Date: Fri, 17 Jun 2005 21:50:25 GMT
> >> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
> >> Cache-Control: no-cache="set-cookie"
> >> Set-Cookie: pysid=e17247d6be677abadf19748044acb0bf; path=/
> >> Keep-Alive: timeout=15, max=99
> >> Connection: Keep-Alive
> >> Transfer-Encoding: chunked
> >> Content-Type: text/html
> >>
> >> ----------------------------------------------------------
> >> ==========login screen in web browser here=====================
> >> http://nsnserver/login
> >>
> >> POST /login HTTP/1.1
> >> Host: nsnserver
> >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
> >> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> >> Accept-Language: en-us,en;q=0.5
> >> Accept-Encoding: gzip,deflate
> >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >> Keep-Alive: 300
> >> Connection: keep-alive
> >> Referer: http://nsnserver/login
> >> Cookie: pysid=e17247d6be677abadf19748044acb0bf; testSessionCookie=Enabled
> >> Content-Type: application/x-www-form-urlencoded
> >> Content-Length: 42
> >>
> >> login=scott%40mischko.com&password=letmein
> >>
> >> HTTP/1.x 302 Found
> >> Date: Fri, 17 Jun 2005 21:51:12 GMT
> >> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
> >> Location: /index
> >> Keep-Alive: timeout=15, max=100
> >> Connection: Keep-Alive
> >> Transfer-Encoding: chunked
> >> Content-Type: text/plain
> >>
> >> ----------------------------------------------------------
> >> http://nsnserver/index
> >>
> >> GET /index HTTP/1.1
> >> Host: nsnserver
> >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
> >> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> >> Accept-Language: en-us,en;q=0.5
> >> Accept-Encoding: gzip,deflate
> >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >> Keep-Alive: 300
> >> Connection: keep-alive
> >> Referer: http://nsnserver/login
> >> Cookie: pysid=e17247d6be677abadf19748044acb0bf; testSessionCookie=Enabled
> >>
> >> HTTP/1.x 200 OK
> >> Date: Fri, 17 Jun 2005 21:51:14 GMT
> >> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10
> >> Keep-Alive: timeout=15, max=100
> >> Connection: Keep-Alive
> >> Transfer-Encoding: chunked
> >> Content-Type: text/html
> >
> > _______________________________________________
> > Mod_python mailing list
> > Mod_python at modpython.org
> > http://mailman.modpython.org/mailman/listinfo/mod_python
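
The header capture and log quoted in this thread can be checked mechanically for where the session is lost. The following is an added example, not code from any poster in the thread: it parses a cut-down copy of the capture (constructed from the headers above) and reports redirects sent to a client that holds no session id and receives none. The function names are hypothetical.

```python
import re

# Constructed sample: the four exchanges from the header capture in the post,
# cut down to request line, Cookie, status line, Location and Set-Cookie.
CAPTURE = """\
GET /change_password HTTP/1.1

HTTP/1.x 302 Found
Location: /login
----
GET /login HTTP/1.1

HTTP/1.x 200 OK
Set-Cookie: pysid=e17247d6be677abadf19748044acb0bf; path=/
----
POST /login HTTP/1.1
Cookie: pysid=e17247d6be677abadf19748044acb0bf; testSessionCookie=Enabled

HTTP/1.x 302 Found
Location: /index
----
GET /index HTTP/1.1
Cookie: pysid=e17247d6be677abadf19748044acb0bf; testSessionCookie=Enabled

HTTP/1.x 200 OK
"""
# Session ids taken from the error log in the post.
SID_WHEN_RETURNTO_SET = "82d588854c0a23ac67c7f986ab86ad79"
SID_AT_LOGIN = "e17247d6be677abadf19748044acb0bf"


def parse_exchanges(text):
    """Return one dict per request/response pair in the capture."""
    exchanges = []
    for block in text.split("----"):
        req, _, resp = block.strip().partition("\n\n")
        sent = re.search(r"^Cookie:.*?\bpysid=(\w+)", req, re.M)
        issued = re.search(r"^Set-Cookie:\s*pysid=(\w+)", resp, re.M)
        exchanges.append({"path": req.split()[1], "status": int(resp.split()[1]),
                          "sent_sid": sent and sent.group(1),
                          "set_sid": issued and issued.group(1)})
    return exchanges


def orphaned_redirects(exchanges):
    """Paths answered 3xx to a client that sent no session id and was given none."""
    return [e["path"] for e in exchanges
            if 300 <= e["status"] < 400 and not e["sent_sid"] and not e["set_sid"]]


def returnto_reachable(exchanges, sid):
    """True if the client ever presents the session id that holds 'returnto'."""
    return any(e["sent_sid"] == sid for e in exchanges)
```

On this capture the only orphaned redirect is `/change_password`, and the session id logged when `returnto` was stored never appears in a later `Cookie` header.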