|
Graham Dumpleton
grahamd at dscpl.com.au
Mon Jun 20 19:09:41 EDT 2005
Is the problem perhaps that you are using: self.external_redirect(...) and not: util.redirect(...) In util.redirect(), it writes actual page content out and this may trigger the flushing out of any headers that have been set indirectly by Session for cookies. In self.external_redirect() of mpservlets() it neither flushes the headers or writes any content and so cookie headers may not get written. Graham Graham Dumpleton wrote .. > Scott Sanders wrote .. > > The session cookie is not in the error headers, which are the only > > headers sent on redirect. My workaround was to write a redirect > > function that wrote out the session cookie in the error headers. I > > will try and look for the source code. > > Hmmm, that doesn't quite make sense. I use util.redirect() with a > session based login and have no problem at all. You might be able > to learn something from: > > http://svn.dscpl.com.au/vampire/trunk/examples/session/access.py > http://svn.dscpl.com.au/vampire/trunk/examples/session/ > > Working example at: > > http://www.dscpl.com.au/projects/vampire/examples/session > > Use mickey/mouse as login/password. > > I know it isn't using mpservlets and relies on a different package, > but might still be useful. > > Graham > > > On Jun 20, 2005, at 12:08 PM, Scott Chapman wrote: > > > > > Hi! > > > > > > I'm having problems with session cookies and redirects. Can this be > > > resolved or is this the way things work? > > > > > > If a user requests a page that requires a login login and they are > not > > > logged in (and they have no cookies), I automatically redirect > > > (external) them to the login screen, after setting a "returnto" > > > session > > > entry. The returnto is lost because the cookie is not sent with > > > the 302 > > > response. > > > > > > Here's code in my auth method that sets the session returnto value > and > > > redirects them: > > > > > > > > >> if requiresLogin: > > >> self.req.log_error('AUTH - page: %s requires login' % methodName) > > >> userID = self.session.get('userid', None) > > >> # Check to see if the user is logged in > > >> if not userID: > > >> self.req.log_error('AUTH - user not logged in') > > >> self.session['returnto'] = self.req.unparsed_uri > > >> self.req.log_error('AUTH - sid when returnto set: ' + str > > >> (self.session.id())) > > >> self.req.log_error('AUTH - returnto: ' + self.session > > >> ['returnto']) > > >> self.req.log_error('AUTH - external redirect to login') > > >> self.external_redirect('/login') > > >> > > > > > > Here's the code in my /login screen which is supposed to catch the > > > returnto and send them on their way: > > > > > > > > >> user_id = data_object.checkLoginAndPassword(login, password) > > >> if user_id: > > >> # The login information is valid. > > >> uberServlet.session['userid'] = user_id > > >> uberServlet.req.log_error('LOGIN - username and password > > >> confirmed') > > >> uberServlet.req.log_error('LOGIN - userid,email: %s, %s' % > > >> (user_id,login)) > > >> uberServlet.req.log_error('LOGIN - session id: ' + str > > >> (uberServlet.session.id())) > > >> return_to = uberServlet.session.pop('returnto: ','/index') > > >> uberServlet.req.log_error('LOGIN - return_to' + return_to) > > >> util.redirect(uberServlet.req,return_to) > > >> > > > > > > Here's the log: > > > > > > > > >> HANDLER-calling prep > > >> HANDLER-calling auth > > >> AUTH - methodName: change_password > > >> AUTH - method found > > >> AUTH - page: change_password requires login > > >> AUTH - user not logged in > > >> AUTH - sid when returnto set: 82d588854c0a23ac67c7f986ab86ad79 > > >> AUTH - returnto: /change_password > > >> AUTH - external redirect to login > > >> HANDLER-calling prep > > >> HANDLER-calling auth > > >> AUTH - methodName: login > > >> HANDLER-calling respond > > >> UBERSERVLET RESPOND - method name: login > > >> UBERSERVLET RESPOND - calling method > > >> HANDLER-calling wrapup > > >> =========== login screen =========== > > >> HANDLER-calling prep, referer: http://nsnserver/login > > >> HANDLER-calling auth, referer: http://nsnserver/login > > >> AUTH - methodName: login, referer: http://nsnserver/login > > >> HANDLER-calling respond, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - Converting form to dict, referer: http:// > > >> nsnserver/login > > >> UBERSERVLET RESPOND - Form Entry Type: <class > > >> 'mod_python.util.StringField'>, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - key: login, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - Single Item, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - Form Entry Type: <class > > >> 'mod_python.util.StringField'>, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - key: password, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - Single Item, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - form dict: {'login': 'scott at mischko.com', > > >> 'password': 'letmein'}, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - method name: login, referer: http:// > > >> nsnserver/login > > >> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/login > > >> LOGIN - username and password confirmed, referer: http://nsnserver/ > > >> login > > >> LOGIN - userid,email: 1, scott at mischko.com, referer: http:// > > >> nsnserver/login > > >> LOGIN - session id: e17247d6be677abadf19748044acb0bf, referer: > > >> http://nsnserver/login > > >> LOGIN - return_to/index, referer: http://nsnserver/login > > >> HANDLER-calling prep, referer: http://nsnserver/login > > >> HANDLER-calling auth, referer: http://nsnserver/login > > >> AUTH - methodName: index, referer: http://nsnserver/login > > >> AUTH - method found, referer: http://nsnserver/login > > >> AUTH - page: index does not require login, referer: http:// > > >> nsnserver/login > > >> HANDLER-calling respond, referer: http://nsnserver/login > > >> UBERSERVLET RESPOND - method name: index, referer: http:// > > >> nsnserver/login > > >> UBERSERVLET RESPOND - calling method, referer: http://nsnserver/login > > >> HANDLER-calling wrapup, referer: http://nsnserver/login > > >> > > > > > > > > > And here's the HTTP live capture of headers: > > > > > > > > >> http://nsnserver/ > > >> change_password > > >> > > >> GET / > > >> change_password HTTP/ > > >> 1.1 > > >> Host: > > >> nsnserver > > >> User-Agent: Mozilla/5.0 (Windows; > > >> U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/ > > >> 1.0.4 Accept: text/xml,application/xml,application/xhtml > > >> +xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > > >> Accept-Language: en- > > >> us,en;q=0.5 > > >> Accept-Encoding: > > >> gzip,deflate > > >> Accept-Charset: > > >> ISO-8859-1,utf-8;q=0.7,*;q=0.7 > > >> Keep-Alive: > > >> 300 > > >> Connection: keep- > > >> alive > > >> > > >> HTTP/ > > >> 1.x 302 > > >> Found > > >> Date: Fri, 17 Jun 2005 21:50:24 > > >> GMT > > >> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d > > >> mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10 Location: / > > >> login > > >> Content-Length: > > >> 336 > > >> Keep-Alive: timeout=15, > > >> max=100 > > >> Connection: Keep- > > >> Alive > > >> Content-Type: text/html; > > >> charset=iso-8859-1 > > >> > > >> ---------------------------------------------------------- > > >> http://nsnserver/ > > >> login > > >> > > >> GET / > > >> login HTTP/ > > >> 1.1 > > >> Host: > > >> nsnserver > > >> User-Agent: Mozilla/5.0 (Windows; > > >> U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/ > > >> 1.0.4 Accept: text/xml,application/xml,application/xhtml > > >> +xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > > >> Accept-Language: en- > > >> us,en;q=0.5 > > >> Accept-Encoding: > > >> gzip,deflate > > >> Accept-Charset: > > >> ISO-8859-1,utf-8;q=0.7,*;q=0.7 > > >> Keep-Alive: > > >> 300 > > >> Connection: keep- > > >> alive > > >> > > >> HTTP/ > > >> 1.x 200 > > >> OK > > >> Date: Fri, 17 Jun 2005 21:50:25 > > >> GMT > > >> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d > > >> mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10 Cache-Control: no- > > >> cache="set- > > >> cookie" > > >> Set-Cookie: pysid=e17247d6be677abadf19748044acb0bf; > > >> path=/ Keep-Alive: > > >> timeout=15, > > >> max=99 > > >> Connection: Keep- > > >> Alive > > >> Transfer-Encoding: > > >> chunked > > >> Content-Type: text/ > > >> html > > >> > > >> ---------------------------------------------------------- > > >> ==========login screen in > > >> web browser here===================== > > >> http://nsnserver/login > > >> POST /login HTTP/1.1 > > >> Host: nsnserver > > >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: > > >> 1.7.8) Gecko/20050511 Firefox/1.0.4 > > >> Accept: text/xml,application/xml,application/xhtml+xml,text/ > > >> html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > > >> Accept-Language: en-us,en;q=0.5 > > >> Accept-Encoding: gzip,deflate > > >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > > >> Keep-Alive: 300 > > >> Connection: keep-alive > > >> Referer: http://nsnserver/login > > >> Cookie: pysid=e17247d6be677abadf19748044acb0bf; > > >> testSessionCookie=Enabled > > >> Content-Type: application/x-www-form-urlencoded > > >> Content-Length: 42 > > >> login=scott%40mischko.com&password=letmein > > >> HTTP/1.x 302 Found > > >> Date: Fri, 17 Jun 2005 21:51:12 GMT > > >> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d > > >> mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10 > > >> Location: /index > > >> Keep-Alive: timeout=15, max=100 > > >> Connection: Keep-Alive > > >> Transfer-Encoding: chunked > > >> Content-Type: text/plain > > >> ---------------------------------------------------------- > > >> http://nsnserver/index > > >> GET /index HTTP/1.1 > > >> Host: nsnserver > > >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: > > >> 1.7.8) Gecko/20050511 Firefox/1.0.4 > > >> Accept: text/xml,application/xml,application/xhtml+xml,text/ > > >> html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > > >> Accept-Language: en-us,en;q=0.5 > > >> Accept-Encoding: gzip,deflate > > >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > > >> Keep-Alive: 300 > > >> Connection: keep-alive > > >> Referer: http://nsnserver/login > > >> Cookie: pysid=e17247d6be677abadf19748044acb0bf; > > >> testSessionCookie=Enabled > > >> HTTP/1.x 200 OK > > >> Date: Fri, 17 Jun 2005 21:51:14 GMT > > >> Server: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.7d > > >> mod_python/3.1.4 Python/2.4.1c2 PHP/4.3.10 > > >> Keep-Alive: timeout=15, max=100 > > >> Connection: Keep-Alive > > >> Transfer-Encoding: chunked > > >> Content-Type: text/html > > >> > > > > > > > > > > > > _______________________________________________ > > > Mod_python mailing list > > > Mod_python at modpython.org > > > http://mailman.modpython.org/mailman/listinfo/mod_python > > > > > > > _______________________________________________ > > Mod_python mailing list > > Mod_python at modpython.org > > http://mailman.modpython.org/mailman/listinfo/mod_python > _______________________________________________ > Mod_python mailing list > Mod_python at modpython.org > http://mailman.modpython.org/mailman/listinfo/mod_python
|